Mod Security whitelist one file

Discussion in 'Security' started by Un Area, May 27, 2018.

  1. Un Area

    Un Area Well-Known Member

    Hi there, I'm having an issue with mod_security and a WordPress site. The thing is that I'm using the Android WordPress app to connect remotely to the site, but I get a 403 error for the xmlrpc.php file:

    - - [27/May/2018:14:48:51 -0300] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPI24.241-2.47-19-1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36 wp-android/10.0"
    - - [27/May/2018:14:48:51 -0300] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPI24.241-2.47-19-1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36 wp-android/10.0"
    - - [27/May/2018:14:48:54 -0300] "POST / HTTP/1.1" 200 63423 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPI24.241-2.47-19-1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36 wp-android/10.0"

    So it seems that ModSecurity is blocking access to that file. Is there a way to exclude that file from .htaccess?

    I used this, but I get a 500 error on the site:

    <Files xmlrpc.php>
    SecFilterInheritance Off
    </Files>

    Thanks!
     
  2. Un Area

    Un Area Well-Known Member

    I tried this rule but no effect:

    <IfModule security2_module.c>
    <Files xmlrpc.php>
    SecFilterInheritance Off
    </Files>
    </IfModule>
     
    #2 Un Area, May 27, 2018
    Last edited: May 27, 2018
  3. Un Area

    Un Area Well-Known Member

    Solution: put this in .htaccess:

    <FilesMatch "xmlrpc\.php$">
    Allow from All
    </FilesMatch>
     
  4. Tearabite

    Tearabite Well-Known Member

    Were you seeing any logs that were indicating a mod-security rule hit?
    Generally, you would only want to disable that specific Mod_Security rule so as to not open up too large of a security gap.
     
  5. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hi @Un Area

    I'm glad you were able to find a resolution to your issue, but I do agree with @Tearabite: you may want to make sure that you were actually hitting a modsec rule and that you disable just that rule. Leaving xmlrpc.php open to everyone may present some issues in the future.

    Thanks!
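
Added example (not part of the thread and not cPanel's code): one way to do what the last two replies suggest, which is to confirm from the Apache error log which ModSecurity rule, if any, denied requests to xmlrpc.php, and then disable only that rule for that path. The log lines and rule IDs are constructed, the helper names are hypothetical, and the generated stanza assumes ModSecurity 2.x directives placed in the server's Apache configuration.

```python
import re
from collections import Counter

# Constructed Apache error_log lines in ModSecurity 2.x style. The rule IDs
# (999001, 999002), client address and messages are made up for this example.
_PFX = "[Sun May 27 14:48:51.101234 2018] [:error] [pid 4021] [client 203.0.113.7:40112] ModSecurity: "
_DENY = 'Access denied with code 403 (phase 2). Pattern match "x" at REQUEST_BODY. '
_WARN = 'Warning. Pattern match "x" at REQUEST_HEADERS. '
SAMPLE_LOG = "\n".join([
    _PFX + _DENY + '[id "999001"] [msg "Constructed rule A"] [uri "/xmlrpc.php"]',
    _PFX + _DENY + '[id "999001"] [msg "Constructed rule A"] [uri "/xmlrpc.php"]',
    _PFX + _WARN + '[id "999002"] [msg "Constructed rule B"] [uri "/xmlrpc.php"]',
    _PFX + _DENY + '[id "999002"] [msg "Constructed rule B"] [uri "/wp-login.php"]',
])

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] pairs

def parse(line):
    """Return the bracketed fields of one ModSecurity log line, or None."""
    if "ModSecurity: " not in line:
        return None
    fields = dict(FIELD.findall(line))
    fields["denied"] = "ModSecurity: Access denied" in line
    return fields

def blocking_rules(log_text, uri):
    """Map rule ID -> number of denials ModSecurity logged for exactly `uri`."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if f and f["denied"] and f.get("uri") == uri and "id" in f:
            hits[f["id"]] += 1
    return dict(hits)

def exclusion_stanza(rule_ids, uri):
    """Build a path-scoped exclusion that removes only the given rule IDs."""
    if not rule_ids:
        return ""  # no ModSecurity denial found, so there is nothing to exclude
    return '<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>\n' % (
        re.escape(uri), " ".join(sorted(rule_ids)))

if __name__ == "__main__":
    rules = blocking_rules(SAMPLE_LOG, "/xmlrpc.php")
    print(rules)
    print(exclusion_stanza(rules, "/xmlrpc.php") or "no ModSecurity denial logged")
```

An empty result means the error log shows no ModSecurity denial for that path, which points to another source for the 403, such as an access-control rule; removing ModSecurity rules would change nothing in that case.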
     