I reinstalled Flock today and figured out what was preventing it from talking to my self-hosted blog, K-Squared Ramblings. The site is running on a stand-alone WordPress install, and I kept getting 403 Forbidden errors. (Not that I could tell. Flock hid the error and just told me something went wrong setting up the account.)

It turned out to be a setting in mod_security, an Apache module designed to limit attacks on web applications. Part of the sample filter—one that I kept because it seemed a reasonable precaution—was to block POST requests with content types other than application/x-www-form-urlencoded or multipart/form-data. However, XMLRPC uses text/xml, which was getting blocked.

There weren’t any problems reported, and none of the false positives I saw in the logs were related to the request content-type. So by the time I tried setting up Flock, it didn’t occur to me to check the mod_security log. I just figured it was a problem with my version of WordPress and left it at that.

This time, with a newer version of Flock, I decided to investigate. I found the 403 error in the server logs, checked the error log for detail, and saw the mod_security reference. A quick check of the audit logs, and there it was.

For now, I’ve loosened the content-type requirement slightly. I’ll have to decide whether it’s worth keeping XMLRPC enabled, or whether I’m better off restoring the original rule.

SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml$)"

So, the moral of the story is: If you use Flock, and you can’t get it to tie into your self/third-party-hosted WordPress blog… check the ModSecurity settings.

*This was originally posted at kelson.wordpress.com, but I moved it over here after turning that site into a photo blog.

Or, yet another blog.*

Back when WordPress.com was announced—well, pre-announced, really—I signed up for info. Eventually I discovered it was going to be a blog hosting service. At that point it seemed kind of silly, since I already had too many blogs, so I didn’t immediately jump on the invite when I finally received it. I decided to pick it up after about two weeks, at which point I tried to log in and was told that the invitation expired in a week. Not that the email had said anything about an expiration.

So now, I’m trying out Flock, mainly to see what value it adds on top of Firefox. It picked up my Del.icio.us bookmarks fine, but for some reason the blogging tool just won’t connect to K-Squared Ramblings. It should work. It’s WordPress-based, after all. Maybe it only works with the 1.6 series (I’m waiting for a stable release before I upgrade), or maybe there’s some obscure setting—or maybe it’s just a bug in Flock. (Time to sign up for yet another Bugzilla account, too) Edit: I found the problem.

Well, WordPress.com and Flock have teamed up, so Flock users don’t need to wait for an invite or wait for the site to leave beta. And, miracle of miracles, not only did the invite expiration free up my reserved username, but no one else had taken it!

I honestly don’t know what, if anything, I’ll be doing with the blog, since I’ve got so much over at K²R and all my social stuff is at LiveJournal (when you’re extending a real-life circle of friends into cyberspace, you go where your friends go). I’m sure I’ll think of something to do there.

*This was originally posted at kelson.wordpress.com, but I moved it over here after turning that site into a photo blog.