Sep 18, 2015 at 4:07 AM
Edited Sep 18, 2015 at 4:08 AM
Based on this line on the stack trace: BlogEngine.Core.Web.Scripting.WebResourceFilter.RetrieveRemoteFile(String file) +135
the error is being, probably, caused by minification routine that is trying to compress WebResource.axd. For this, BE has implemented a Stream filter that parses the output that is being sent to the client and modifies the output by replacing a minified version
of WebResouource.axd. Here is the link to the source code of the file:
In order to minify WebResource.axd, BE stream filter extracts the URL of the dynamically generated WebResource.axd and makes a request to the server using RemoteFile.cs (http://blogengine.codeplex.com/SourceControl/latest#BlogEngine/BlogEngine.Core/RemoteFile.cs
Once the file is downloaded, it minifies it and stores it in the memory cache and then replaces the default WebResource.axd <script/> tag with a custom <script/> with a hashed URL.
Now this brings me to the main cause of your error: private WebRequest GetWebRequest in
/// Creates the WebRequest object used internally for this RemoteFile instance.
/// The WebRequest should not be passed outside of this instance, as it will allow tampering. Anyone
/// that needs more fine control over the downloading process should probably be using the WebRequest
/// class on its own.
private WebRequest GetWebRequest()
if (this._webRequest == null)
var request = (HttpWebRequest)WebRequest.Create(this.Uri);
request.Headers["Accept-Encoding"] = "gzip";
request.Headers["Accept-Language"] = "en-us";
request.Credentials = CredentialCache.DefaultNetworkCredentials;
request.AutomaticDecompression = DecompressionMethods.GZip;
if (this.TimeoutLength > 0)
request.Timeout = this.TimeoutLength;
this._webRequest = request;
This function creates a WebRequest object and adds necessary headers to the request. Unfortunately
isn't one of them which causes your mod_security to reject the request and hence, the error.
While BE team releases an update, you could try downloading the source code, add a header to emulate any browser and then run it on your server.
Hope this helps,