Author Topic: getting Forbidden You don't have permission error  (Read 6439 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
getting Forbidden You don't have permission error
« on: July 03, 2019, 08:47:01 AM »
When i am accessing my wp site i am getting the below error.

Forbidden

You don't have permission to access http://mydomain.com/wp-admin/admin.php on this server.

i think its something related to the mod_security which is configured through cwp.

Now i am not sure where to white list it in cwp.


Offline
*
Re: getting Forbidden You don't have permission error
« Reply #1 on: July 03, 2019, 05:03:28 PM »
When i am accessing my wp site i am getting the below error.

Forbidden

You don't have permission to access http://mydomain.com/wp-admin/admin.php on this server.

i think its something related to the mod_security which is configured through cwp.

Now i am not sure where to white list it in cwp.

I confirm this is a issue with mod_security which is enabled for that domain in CWP. When i disable its working fine. So is there anyway i can remove only certain rules or white list certain operations in the back end. This is happening with some post type or plugins after post or form submission.

Offline
**
Re: getting Forbidden You don't have permission error
« Reply #2 on: July 03, 2019, 08:59:34 PM »
There are three options for mod security rules...the default one, owasp and Comodo.

Which one do you have selected?

If you are using the free version of cwp, then it will be the default....which shouldn't cause any WordPress issues because it's basic rules are very few.

Having said that, there is a list of WordPress rules you can download.

Another thing you should check is the panic level...if it is set much above 2 on a normal install you may start to get false positives.

Also, are you running Wordfence on your WordPress website? It has its own list of WAF rules.

Offline
*
Re: getting Forbidden You don't have permission error
« Reply #3 on: July 04, 2019, 05:34:47 AM »
There are three options for mod security rules...the default one, owasp and Comodo.

Which one do you have selected?

If you are using the free version of cwp, then it will be the default....which shouldn't cause any WordPress issues because it's basic rules are very few.

Having said that, there is a list of WordPress rules you can download.

Another thing you should check is the panic level...if it is set much above 2 on a normal install you may start to get false positives.

Also, are you running Wordfence on your WordPress website? It has its own list of WAF rules.

I am using free version so i can see a owaspold rules applied. I have not used word fence but now thinking to use word fence and disable the mod security but i am keen on mod security use. What will be best to use. Yes its false positives. Panic level - Where can i check it ? Where can i get the wordpress WAF rules and  where to add it.