Author Topic: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0 (Read 985 times)

venty · « **Reply #15 on:** July 25, 2025, 08:27:48 AM »

Quote from: 6Sense on July 25, 2025, 12:19:43 AM

There is more than 1 global_disabled_rules.conf file in the mix.

It depends how you set your modsec up (eg: which one is it pointed to).

Hi,

I basically use the following recommendations from @Starburst:

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/recommended-ruleset-paths-running-cwp-and-apache-on-almalinux-8-9/

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-to-4-16-0-running-cwp-and-apache-on-almalinux-8-9/

https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/

Again, according to his instructions, I placed the global_disabled_rules.conf file in a "before" folder and supposedly I have an entry for the folder to read *.conf

└── custom-rules
├── startup
├── before
└── after

How can I check if this is happening and the global_disabled_rules.conf file is being read from there?

BR
Venty

anandmys · « **Reply #16 on:** September 26, 2025, 10:42:11 AM »

Quote from: overseer on July 15, 2025, 12:44:28 PM

More for WordPress:
Code: [Select]
## Wordpress ## SecRuleRemoveById 981242 SecRuleRemoveById 981246 SecRuleRemoveById 981243 SecRuleRemoveById 959073 SecRuleRemoveById 958030 SecRuleRemoveById 981172 SecRuleRemoveById 981319 SecRuleRemoveById 981260 SecRuleRemoveById 973308 SecRuleRemoveById 973335 SecRuleRemoveById 973347 SecRuleRemoveById 973334 SecRuleRemoveById 950007

Thank you

Control Web Panel

Author Topic: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0 (Read 985 times)

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0

Re: WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0