ModSecurity Preventing WordPress Save Function

Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Hi, I am having issues with ModSecurity and the save function on WordPress websites. When I activate "Do Not Process the Rules" under "Rules Engine" then WordPress saves without a problem. Looking at other posts I didn't seem to find a resolution. I did see someone from cPanel ask a user "If you go WHM>>Security Center>>ModSecurity>>Vendors do you still have the Imunify vendor present?" In my case the answer is no. If you believe this is my issue please let me know how to install this. It looked fairly simple but I wanted to be sure this is ok to do before I researched it and just installed it not fully understanding what I was doing. TIA!
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
In the instance I was referencing, the user was receiving an error specific to Imunify. In this case, what is the error you're getting in the Apache error logs from mod_security when WordPress saves?
 
Jan 8, 2020
New Hampshire, USA
cPanel Access Level
Root Administrator
Thank you for the reply. There don't seem to be any errors being recorded; the save function never seems to actually fail. The circle next to the save button just keeps spinning. The only two errors I see being recorded are these:

[Wed Mar 25 05:59:35.242661 2020] [authz_core:error] [pid 30333:tid 47319667623680] [client 74.124.211.139:55464] AH01630: client denied by server configuration: /home/nhwh468702/public_html/.user.ini, referer: https://domain.org/.user.ini

[Wed Mar 25 04:25:19.515028 2020] [access_compat:error] [pid 2610:tid 47319663421184] [client 45.79.163.69:45470] AH01797: client denied by server configuration: /home/nhwh468702/public_html/wp-includes/css/index.php

I recreated the problem just prior to sending this post but do not see any newer errors in the log.
 

cPanelLauren

Neither of those is related to the issue you're experiencing, I don't believe. I was looking for the output from mod_security specifically to identify what rule is being hit. You can also see this at WHM>>Security Center>>ModSecurity Tools.
 

cPanelLauren

Ok, that's the default, which is good, but that is also interesting, as any hits you get on ModSecurity rules (i.e., if it blocks access to something) should be logged in the audit log as well as in the hits list. Are you using the default OWASP vendor as well? If so, you may want to open a ticket so that we can look into the issue further and identify what rule is being matched that's blocking WordPress from saving.


Thanks!
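
Added example, not part of the thread and not cPanel's own tooling: one way to pull the matching rule ids out of ModSecurity 2.x entries in the Apache error log and group them per request, so the rules behind a blocked WordPress save can be identified. The log lines are constructed samples; with OWASP CRS anomaly scoring the denying rule (949110) only reports the score, and the `Warning` entries sharing its `unique_id` name the rules that actually matched.

```python
import re

# Constructed sample in the ModSecurity 2.x Apache error-log format. Addresses,
# paths and unique_ids are made up; the rule ids and messages are OWASP CRS rules.
SAMPLE_LOG = r'''
[Wed Mar 25 06:00:01.000001 2020] [authz_core:error] [pid 10:tid 20] [client 203.0.113.5:50000] AH01630: client denied by server configuration: /home/example/public_html/.user.ini
[Wed Mar 25 06:01:02.000001 2020] [:error] [pid 10:tid 21] [client 203.0.113.5:50001] [client 203.0.113.5] ModSecurity: Warning. detected XSS using libinjection. [file "/path/to/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "1"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.org"] [uri "/wp-admin/post.php"] [unique_id "TXN-A"]
[Wed Mar 25 06:01:02.000002 2020] [:error] [pid 10:tid 21] [client 203.0.113.5:50001] [client 203.0.113.5] ModSecurity: Warning. detected SQLi using libinjection. [file "/path/to/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.org"] [uri "/wp-admin/post.php"] [unique_id "TXN-A"]
[Wed Mar 25 06:01:02.000003 2020] [:error] [pid 10:tid 21] [client 203.0.113.5:50001] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/path/to/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "1"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [hostname "example.org"] [uri "/wp-admin/post.php"] [unique_id "TXN-A"]
[Wed Mar 25 06:02:03.000001 2020] [:error] [pid 10:tid 22] [client 203.0.113.9:50002] [client 203.0.113.9] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "/path/to/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1"] [id "920350"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.1"] [uri "/"] [unique_id "TXN-B"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] tags
ACTION = re.compile(r'ModSecurity: (Access denied|Warning)')

def parse_line(line):
    """Return the tag fields of one ModSecurity entry, or None for other lines."""
    m = ACTION.search(line)
    if not m:
        return None  # e.g. authz_core / access_compat denials, not ModSecurity
    fields = dict(FIELD.findall(line[m.end():]))
    fields["blocked"] = m.group(1) == "Access denied"
    return fields

def blocked_requests(log_text):
    """Group hits by unique_id and keep only the requests that were denied."""
    tx = {}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None or "unique_id" not in hit:
            continue
        entry = tx.setdefault(hit["unique_id"],
                              {"uri": hit.get("uri"), "blocked": False, "rules": []})
        entry["blocked"] |= hit["blocked"]
        entry["rules"].append((hit.get("id"), hit.get("msg")))
    return {uid: e for uid, e in tx.items() if e["blocked"]}

if __name__ == "__main__":
    for uid, e in blocked_requests(SAMPLE_LOG).items():
        print(uid, e["uri"])
        for rule_id, msg in e["rules"]:
            print("  ", rule_id, msg)
```
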
 
Jan 8, 2020
New Hampshire, USA
cPanel Access Level
Root Administrator
On the WordPress forum someone mentioned the solution below but I wasn't able to find the etc/apache2/apache2.cnf file. I found the etc/apache2/ folder but that's where I hit a dead end....

This problem definitely looks like a permission problem. If you are using an Apache2 server in a Linux OS you should take a look at the server permissions.

To solve this issue you should edit your /etc/apache2/apache2.conf and set the AllowOverride of the directory /var/www to All.

It should look like this:

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

After that run:

sudo systemctl restart apache2 && sudo a2enmod rewrite

And restart again:
sudo systemctl restart apache2

If you need more details, this is a helpful (and simple) tutorial:
https://diviextended.com/set-allowoverride-ubuntu-wordpress-permalink-work/