Control Web Panel

Security => Mod_Security => Topic started by: alierenerdal on June 04, 2015, 09:22:00 AM

Title: Wordpress does not work after activate the Mod Security
Post by: alierenerdal on June 04, 2015, 09:22:00 AM
I am receiving an error after installing mod security:

403 Forbidden

My disabled rules:

## Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030


CentOS 6.6 x86
CWP version: 0.9.8.6

How can I fix this?
Title: Re: Wordpress does not work after activate the Mod Security
Post by: brijendrasial on June 04, 2015, 11:28:09 AM
Check your error log for more details.
Title: Re: Wordpress does not work after activate the Mod Security
Post by: singhdd on June 04, 2015, 12:34:33 PM
It works but you have to disable a whole lot of rules.

Code:
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
SecRuleRemoveById 970003
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981317
SecRuleRemoveById 973344
SecRuleRemoveById 981256
SecRuleRemoveById 973301
SecRuleRemoveById 981241
SecRuleRemoveById 973347
SecRuleRemoveById 981248
SecRuleRemoveById 970015
SecRuleRemoveById 950001
SecRuleRemoveById 973335
SecRuleRemoveById 973334
SecRuleRemoveById 973332
SecRuleRemoveById 981318
SecRuleRemoveById 981249
SecRuleRemoveById 981244
SecRuleRemoveById 960035
SecRuleRemoveById 960008
SecRuleRemoveById 960915
SecRuleRemoveById 950907
SecRuleRemoveById 950000
SecRuleRemoveById 981001
SecRuleRemoveById 950103
SecRuleRemoveById 960006
SecRuleRemoveById 958057
SecRuleRemoveById 959072
SecRuleRemoveById 981277
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById 958056
SecRuleRemoveById 950108
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 960010
SecRuleRemoveById 960020
SecRuleRemoveById 981319

One of my WordPress sites caused me to disable a hell of a lot. But it works fine now, and all my other WordPress sites are working fine too (I have about 30).
Title: Re: Wordpress does not work after activate the Mod Security
Post by: alierenerdal on June 20, 2015, 08:48:07 AM
Thank you very much singhdd, it's working now :)
Title: Re: Wordpress does not work after activate the Mod Security
Post by: crmgddn63 on March 28, 2016, 09:36:02 PM
Everything works fine but Chrome is not working. I am getting a Forbidden error.
Thank you.
Title: Re: Wordpress does not work after activate the Mod Security
Post by: Sandeep on March 29, 2016, 06:28:46 AM
Why not use the Cloudflare free plan?
Title: Re: Wordpress does not work after activate the Mod Security
Post by: crmgddn63 on April 02, 2016, 08:28:43 AM
Why should I use Cloudflare?
Title: Re: Wordpress does not work after activate the Mod Security
Post by: Sandeep on April 02, 2016, 11:27:39 AM
To get rid of these problems?
Title: Re: Wordpress does not work after activate the Mod Security
Post by: iqbalthakur on October 11, 2016, 06:08:53 PM
Read my advice on this page:
http://forum.centos-webpanel.com/mod_security/mod_security-config/
With the latest update in WordPress and with many rules related to many plugins, whitelist or find the error as I described on that page.
Title: Re: Wordpress does not work after activate the Mod Security
Post by: tutods on September 27, 2018, 04:19:36 PM
How do I implement these things?
My WP does not work with Mod Security.
Title: Re: Wordpress does not work after activate the Mod Security
Post by: pixelpadre on November 28, 2018, 01:23:46 PM
Why not use the Cloudflare free plan?

WAF is not free.  You have to have a minimum of PRO Plan.

Cloudflare sucks anyway.  Frequent outages and outdated caching, slow page loads....the list goes on and on.  Just search for cloudflare problems on your favorite search engine.
https://tech.tiq.cc/2016/01/why-you-shouldnt-use-cloudflare/
Title: Re: Wordpress does not work after activate the Mod Security
Post by: adamjedgar on June 24, 2019, 08:47:44 PM
As this issue has arisen on another thread... I am updating this one as well. I think the link below might help streamline the process of whitelisting mod security rules for WordPress.

https://www.tweaking4all.com/web-development/wordpress/mod_security-fix/
Title: Re: Wordpress does not work after activate the Mod Security
Post by: adamjedgar on June 25, 2019, 12:37:21 AM
Also, an update on this...

If one goes to CWP dashboard > Security > Mod Security,

clicks on the domain for which the problem exists and under "Actions" turns off Mod_Security, the problem immediately goes away in WordPress.

For the time being, until I can find the right set of whitelist rules I need for Comodo WAF...

I am leaving Mod Security turned off for the problematic domain with the problematic WordPress installation, and instead using the Wordfence Firewall plugin inside WordPress itself to control all firewall and security functions (which is quite powerful and does the trick at the "work face").
Title: Re: Wordpress does not work after activate the Mod Security
Post by: studio4host on June 25, 2019, 07:26:11 AM
With mod security you will always need to whitelist some rules per domain, so you simply need to learn how to do that!

ModSecurity rules can't be for everyone, as each website is different (using different plugins, mods, themes); that is the reason why per-domain whitelisting exists.

The best rules are the ones OWASP has, as they are much more strict, and each website requires detailed testing and more than several rules to be whitelisted... but they provide the best security, as they block many more things.

In short, if you want higher and better security you should use more advanced and more complicated rules.
Whitelisting is so simple and requires less than a minute to check and whitelist some rules.

Example procedure
- check error logs for a domain having an issue: tail -n 100 /usr/local/apache/domlogs/DOMAIN.error.log
- go to mod_security: click on "Edit rules" of some domain and simply click on "Add ID Rule"
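
Added example (not part of the original post and not CWP's own code): the log check from the procedure above, done in Python. It reads ModSecurity 2.x entries from a domain error log, reports which rule IDs fired and on which URIs, and emits SecRuleRemoveById lines only for rules that blocked a request. The sample log lines, paths, hostnames and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x Apache error-log layout. Client IPs,
# file paths, messages and hostnames are made up; the rule IDs come from the thread.
SAMPLE_LOG = "\n".join([
    '[Thu Jun 04 09:20:11 2015] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules/example.conf"] [line "64"] [id "981242"] [msg "constructed sample"] [hostname "example.com"] [uri "/wp-admin/post.php"] [unique_id "AAAA"]',
    '[Thu Jun 04 09:20:15 2015] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules/example.conf"] [line "64"] [id "981242"] [msg "constructed sample"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAAB"]',
    '[Thu Jun 04 09:21:02 2015] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules/example.conf"] [line "90"] [id "959073"] [msg "constructed sample"] [hostname "example.com"] [uri "/wp-admin/post.php"] [unique_id "AAAC"]',
    '[Thu Jun 04 09:21:30 2015] [error] [client 203.0.113.9] ModSecurity: Warning. [file "/path/to/rules/example.conf"] [line "12"] [id "981243"] [msg "constructed sample"] [hostname "example.com"] [uri "/wp-login.php"] [unique_id "AAAD"]',
    '[Thu Jun 04 09:22:00 2015] [error] [client 203.0.113.5] PHP Notice: constructed non-ModSecurity line',
    '[Thu Jun 04 09:23:44 2015] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules/example.conf"] [line "30"] [id "958030"] [msg "constructed sample"] [hostname "other.example"] [uri "/"] [unique_id "AAAE"]',
])

# Matches the [key "value"] metadata fields, allowing backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def triggered_rules(log_text, hostname=None):
    """Map rule ID -> denied/warning counts and the URIs it fired on."""
    hits = defaultdict(lambda: {"denied": 0, "warning": 0, "uris": set()})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # unrelated Apache/PHP messages
        fields = dict(FIELD.findall(line))
        rule_id = fields.get("id")
        if not rule_id or (hostname and fields.get("hostname") != hostname):
            continue
        kind = "denied" if "Access denied" in line else "warning"
        hits[rule_id][kind] += 1
        hits[rule_id]["uris"].add(fields.get("uri", "?"))
    return dict(hits)

def removal_directives(hits, include_warnings=False):
    """Directives for rules that blocked a request (optionally warning-only ones too)."""
    ids = [i for i, h in hits.items() if h["denied"] or include_warnings]
    return ["SecRuleRemoveById " + i for i in sorted(ids)]

if __name__ == "__main__":
    found = triggered_rules(SAMPLE_LOG, hostname="example.com")
    for rule_id, h in sorted(found.items()):
        print(rule_id, "denied:", h["denied"], "warning:", h["warning"], sorted(h["uris"]))
    print("\n".join(removal_directives(found)))
```

Reviewing the URIs next to each ID before adding it shows whether the rule fires only on admin pages or on public ones, which keeps the per-domain whitelist limited to what that site needs.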

Title: Re: Wordpress does not work after activate the Mod Security
Post by: adamjedgar on June 25, 2019, 10:37:37 AM
That's all good and well, however on an already functioning system that was happily singing along, this shouldn't have happened in the first place.
Title: Re: Wordpress does not work after activate the Mod Security
Post by: studio4host on June 25, 2019, 09:31:09 PM
There will always be rule updates to make things more secure, so you simply need to learn how to whitelist rules.