String "fwrite();" causes 503 error (Passenger or apache?)


While testing a rails application on DreamHost (mod_rails), I found a
really weird problem.

If I submit form data which includes “fwrite();” (with semi-colon but
without quotes), I get 503 error (Server temporarily unavailable).
I checked out rails log file and it didn’t even reach the rails app.
I assume the error was from web server.

You may test this at .
Just add or edit a row and write “fwrite();” in the body field and

Any idea?


I just got a reply from Dreamhost tech support.
It’s related to mod_security rules.

It appears that the fwrite in triggered one
of our mod_security rules as the following is listed in your error log:

[Thu Jun 12 17:16:48 2008] [error] [client] mod_security:
Access denied with code 503. Pattern match
_setuid|phpinfo)\\(.*\\)\\;” at POST_PAYLOAD [severity
[hostname “”] [uri “/posts/1”] [unique_id

As a workaround, you can turn off mod_security for that sub-domain. Just
go to Sign in · DreamHost , click
on the Edit button under “Web Hosting” for and
uncheck the box for “Extra Web Security?”.