Topic: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
Hi,

Does WordPress or WooCommerce, the latest versions, have a conflict with the OWASP CRS v4.16.0 rules?

Do I need to set additional rules in the global_disabled_rules.conf file?

Thanks in advance!

BR
Venty

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« Reply #1 on: July 14, 2025, 12:30:36 PM »
...I return OWASP CRS version 4.15.0, everything works - WordPress etc., I return OWASP CRS version 4.16.0 - error 403...

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« Reply #2 on: July 14, 2025, 01:33:28 PM »
Look in the logs, and it will show you what rule blocked it.

In your global_disabled_rules.conf, you should have these:

Code:
## Removed rules for CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
#######################################################
## Removed Rules for WordPress and phpMyAdmin ##
#######################################################
## Removed rules for Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
# Needed for WordPress Cloudflare Plugin
SecRuleRemoveById 911100
## Removed rules for webftp_simple ##
SecRuleRemoveById 950922
SecRuleRemoveById 981000
SecRuleRemoveById 950109
## Removed rules for phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 981318
SecRuleRemoveById 981320
SecRuleRemoveById 981240

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« Reply #3 on: July 14, 2025, 02:28:17 PM »
Hi,
When I have rules version 4.16.0, rules with ids 980170, 949110, 930130 are the ones that block, I set them in global_disabled_rules.conf, but again I can't access and install WordPress...

When I revert the rules to version 4.15.0, things work....

and finally, the blocking seems to be not just for WordPress...

BR
Venty

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« Reply #4 on: July 14, 2025, 03:42:16 PM »
You will need to look through your error logs and see which rules are triggering the blocks, then add them to the global rules file:
Code:
grep "modsecurity" /usr/local/apache/domlogs/*.error.log
Afterward, don't forget to restart httpd. You can also disable Mod Security on a user-account basis to get you through the WordPress install process.
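
Added example (not part of the thread and not any poster's code): a bash helper that goes one step past the grep above and tallies which rule ids appear in ModSecurity log entries, per URI. It sets aside 949110 and 980170, which in CRS evaluate and report the anomaly score, so that the detection rules that raised the score (930130 in this thread) stand out; the sample log lines and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: tally ModSecurity rule ids per URI from Apache error-log lines.

# CRS anomaly-score rules named in the thread: 949110 evaluates the inbound
# score and blocks, 980170 reports scores. They fire because other rules matched.
SCORING_IDS='949110|980170'

# Constructed sample lines in the ModSecurity 2.x error-log layout (not real logs).
sample_log() {
cat <<'EOF'
[Mon Jul 14 13:10:01 2025] [error] [client 203.0.113.5] ModSecurity: Warning. (constructed match) [id "930130"] [msg "Restricted File Access Attempt"] [hostname "example.test"] [uri "/wp-admin/install.php"]
[Mon Jul 14 13:10:01 2025] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/wp-admin/install.php"]
[Mon Jul 14 13:10:01 2025] [error] [client 203.0.113.5] ModSecurity: Warning. [id "980170"] [msg "Anomaly Scores (constructed)"] [hostname "example.test"] [uri "/wp-admin/install.php"]
[Mon Jul 14 13:10:09 2025] [error] [client 203.0.113.5] ModSecurity: Warning. (constructed match) [id "930130"] [msg "Restricted File Access Attempt"] [hostname "example.test"] [uri "/wp-admin/install.php"]
[Mon Jul 14 13:10:09 2025] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/wp-admin/install.php"]
[Mon Jul 14 13:10:12 2025] [error] [client 203.0.113.5] File does not exist: /home/user/public_html/favicon.ico
EOF
}

# Read log lines on stdin; print "count rule_id uri", most frequent first.
modsec_rule_hits() {
  grep -i 'modsecurity' |
    sed -n 's/.*\[id "\([0-9]*\)"].*\[uri "\([^"]*\)"].*/\1 \2/p' |
    sort | uniq -c | awk '{print $1, $2, $3}' |
    sort -k1,1nr -k2,2n
}

# Read log lines on stdin; print the ids of the rules that raised the score,
# i.e. the rules to review first.
detection_rule_ids() {
  modsec_rule_hits | awk '{print $2}' | grep -vxE "$SCORING_IDS" | sort -un
}

# Demo on the constructed sample. On a server, feed the real logs instead, e.g.
#   cat /usr/local/apache/domlogs/*.error.log | detection_rule_ids
sample_log | modsec_rule_hits
echo "detection rules: $(sample_log | detection_rule_ids | tr '\n' ' ')"
```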

Offline
*
I have WordPress sites running fine with WooCommerce using OWASP v4.16.0.

I haven't done anything special but do have the rules disabled that @Starburst linked above + a couple of extras so I'd check that first.

## Wordpress ##
SecRuleRemoveById 981172
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 981319
SecRuleRemoveById 959073
SecRuleRemoveById 958030