Author Topic: ModSecurity adds index.php in permalinks  (Read 47193 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
ModSecurity adds index.php in permalinks
« on: July 19, 2017, 07:09:26 AM »
Hello
I am running CWP, and installed modsecurity COMODO
After that WordPress permalinks added an index.php in URL
Is this normal?
How get rid this and fix it?

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #1 on: July 21, 2017, 07:11:24 AM »
mod_security is only application firewall and its not related with this issue.
You should check in the admin area of your wordpress how you have this set, don't forget to check that you have wordpress htaccess file in your wordpress folder.

https://codex.wordpress.org/htaccess
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #2 on: June 12, 2018, 07:45:01 AM »
Hello,

Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.

If I disable Mod Security, everything returns to normal.

Any ideas?

cheers!

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #3 on: August 09, 2018, 09:06:23 PM »
Hello,

Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.

If I disable Mod Security, everything returns to normal.

Any ideas?

cheers!

Same problem here. Anyone help us?

Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #4 on: August 10, 2018, 02:44:30 AM »
Running below commands will fix your issue

Code: [Select]
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
« Last Edit: August 10, 2018, 02:55:26 AM by bullten »

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #5 on: August 10, 2018, 03:46:34 AM »
Running below commands will fix your issue

Code: [Select]
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart

not change our problem diffrent :(

Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #6 on: August 10, 2018, 03:49:46 AM »
what is output of

Code: [Select]
cat /usr/local/apache/conf.d/mod_security.conf

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #7 on: August 10, 2018, 03:56:17 AM »
Code: [Select]
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so

<IfModule !unique_id_module>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

<IfModule mod_security2.c>
  <IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>



  SecRuleEngine On
  SecAuditEngine RelevantOnly
  SecAuditLog /usr/local/apache/logs/modsec_audit.log
  SecDebugLog /usr/local/apache/logs/modsec_debug.log
  SecAuditLogType Serial
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecUploadDir /tmp
  SecCollectionTimeout 600
  SecPcreMatchLimit 1250000
  SecPcreMatchLimitRecursion 1250000
  Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"



For example when modsecurity on one my plugin when save settings on wordpress gives error "Build rewrite rules error" but when close mod security problems gone.

I try add close modsecurity one domain to add vhost but not close;
Code: [Select]
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>


Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #8 on: August 10, 2018, 04:00:12 AM »
When I provided above solution didnt fix your .htaccess permalink issue?

It it still not creating automatically in your htaccess file?

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #9 on: August 10, 2018, 04:05:04 AM »
not creating settings  in htaccess file. Blank
mod security doesnt allow write htaccess

Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #10 on: August 10, 2018, 04:06:03 AM »
what is output of
Code: [Select]
tail -f  /usr/local/apache/logs/error_log

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #11 on: August 10, 2018, 04:08:39 AM »
Code: [Select]
[Fri Aug 10 05:44:15.737587 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 05:44:15.737594 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 05:44:15.737598 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 05:44:15.737602 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 05:44:15.737605 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Fri Aug 10 05:44:15.931833 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 05:44:15.934193 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01906: host.domain.com:443:0 server certificate is a CA certificate (BasicConstraint                                                                        s: CA == TRUE !?)
[Fri Aug 10 05:44:15.984095 2018] [mpm_event:notice] [pid 25216:tid 140007126083456] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protected by                                                                         Mod Security configured -- resuming normal operations
[Fri Aug 10 05:44:15.984181 2018] [core:notice] [pid 25216:tid 140007126083456] AH00094: Command line: '/usr/local/apache/bin/httpd'

Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #12 on: August 10, 2018, 04:10:23 AM »
Goto you public_html folder and type

rm -rf .htaccess

Then open wordpress admin goto permalink and choose one and save it. See if its working then


Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #13 on: August 10, 2018, 04:13:28 AM »
Goto you public_html folder and type

rm -rf .htaccess

Then open wordpress admin goto permalink and choose one and save it. See if its working then

Ok I remove .htaccess file. And save permalink on wordpress but htaccess file not create.

Offline
***
Re: ModSecurity adds index.php in permalinks
« Reply #14 on: August 10, 2018, 04:21:06 AM »
Looking at above log I am sure you didnt run

Code: [Select]
service httpd restart