If you're wondering why comments aren't working, as I was, and are on shared hosting, as I am, and get to looking at your error_log file and see something like this in it:
[Sun Oct 12 12:34:56 2014] [error] [client 192.0.2.5]
ModSecurity: Access denied with code 406 (phase 2).
Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required.
[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "1425"] [id "340503"] [rev "1"]
[msg "Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)"]
[severity "CRITICAL"]
[hostname "example.com"]
[uri "/cgi-bin/mt/mt-comments.cgi"]
[unique_id "PIMENTOCAKE"]
It's not just you.
It seems that some webhosts have a mod_security rule in place that bans submitting anything through "mt-comments.cgi". As this is the main way MT submits comments, this kind of breaks things. Happily, working around a rule like this is dead easy.
- Rename your mt-comments.cgi file to something else
- Add "CommentScript ${renamed file}" to your mt-config.cgi file
And suddenly comments start working again!
Except for Google, since they're deprecating OpenID support.
Yep, this was posted for Google to find and help others. Not so interesting to my highly valued RSS subscribers.