In my previous post, Ghost on Amazon EC2 without using sudo, I proposed a way of running Ghost without having to use sudo and with at least a minimal eye on security.

If you have followed one of the guides that I suggested, namely Dude Looks Like a Ghost, or you have installed your own ModSecurity configuration, you should have received a big page announcing an Error 403 right after updating your Ghost to version 0.3.3.

Don’t worry!

Due to some security fixes in the latest Ghost version, ModSecurity interprets the content of your Ghost cookie as a potential SQL injection attack and simply drops the communication between the browser and the website to prevent it.

If I have understood what expressjs/connect are doing under the hood, there should be no problem in dropping the rule that creates this false positive from the ModSecurity configuration. The fastest way (assuming that you don't need this rule anywhere else) is to comment it out in the configuration file:

::sh
sed -i '/981246/s/^/# /' modsecurity_crs_41_sql_injection_attacks.conf

and then reload nginx:

::sh
/opt/nginx/sbin/nginx -s reload

Otherwise, remove the rule selectively, only for the subdomain (server block) that points to your Ghost instance. But I suppose that if you need this last configuration you already know how to do it…
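For completeness, here is what that selective removal looks like; this is an added example, not configuration from the original post or from the Ghost project. It assumes the ModSecurity 2.x nginx connector (`ModSecurityEnabled`/`ModSecurityConfig`), and the server name and file paths are placeholders to adapt to your own layout.

```nginx
# Added example: disable CRS rule 981246 only for the Ghost vhost.
# Paths and the server name are assumptions; adjust them to your layout.

# --- /opt/nginx/conf/nginx.conf (inside the http {} block) ---
server {
    listen 80;
    server_name blog.example.com;   # assumed: the subdomain pointing to Ghost

    location / {
        # ModSecurity 2.x nginx connector: per-location engine toggle and
        # config file, so the exception below applies to this vhost only.
        ModSecurityEnabled on;
        ModSecurityConfig /opt/nginx/conf/modsecurity/ghost.conf;   # assumed path

        proxy_pass http://127.0.0.1:2368;   # Ghost's default port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

# --- /opt/nginx/conf/modsecurity/ghost.conf (assumed path) ---
# Load the shared base config and the CRS exactly as the other vhosts do ...
Include /opt/nginx/conf/modsecurity/modsecurity.conf
Include /opt/nginx/conf/modsecurity/base_rules/*.conf

# ... then drop the offending rule. SecRuleRemoveById must come AFTER the
# Include that defines the rule, otherwise there is nothing to remove yet.
SecRuleRemoveById 981246

# Narrower alternative (ModSecurity >= 2.6): keep the rule but stop it from
# inspecting the one cookie that triggers it. The cookie name is a placeholder;
# take the real one from the audit log entry that produced the 403.
# SecRuleUpdateTargetById 981246 "!REQUEST_COOKIES:GHOST_SESSION_COOKIE_NAME"
```

Note that the sed one-liner above comments out only the line carrying the id, while a CRS 2.x SecRule usually spans several backslash-continued lines, so check the file afterwards. In either case run `/opt/nginx/sbin/nginx -t` before the reload so a broken rule file does not take the site down.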