ModSecurity OWASP blocking GTMetrix

bejbi

Well-Known Member
PartnerNOC
Jan 20, 2006
163
31
178
Poland
cPanel Access Level
DataCenter Provider
If you are using OWASP rules v. 3.3.4 you can experience problem with GTmetrix service. All requests will serve 403 error.

It is interesting becouse probably GTmetrix sends forbidden header. GTmetrix is blocked by 3 rules:
920450 - request protocol enforcement
949110 - request blocking evaluation
980130 - response corelation

You can disable these rules or add GTmetrix to whitelist (if you need GTmetrix):
cPanel has tutorial for whitelisting: https://support.cpanel.net/hc/en-us...How-to-whitelist-an-IP-address-in-ModSecurity

:wq
 
Last edited by a moderator:
  • Like
Reactions: cPRex

ciao70

Well-Known Member
Nov 3, 2006
147
29
178
Hi,

The problem also occurs with other systems after the update of Modsecurity 2.9.6 and Owasp 3.3.4


Thanks
 
  • Like
Reactions: cPRex