Hello,
I’m running CP on Ubuntu 20.04 to host WordPress sites via OLS. I have ModSecurity as the server firewall with the Comodo rule set. ModSec + Comodo are generally doing a good job, but I am seeing isolated false positives in WooCommerce and Rank Math when attempting to save plugin settings changes.
Here’s a log entry (URL modified to ‘WPsite.com’):
2022-02-20 17:36:43.456240 [INFO] [1291] [45.56.77.123:41364#WPsite.com] [Module:mod_security]Log Message: [client 70.229.214.237] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Eq' with parameter 0' against variable MULTIPART_UNMATCHED_BOUNDARY' (Value: 2' ) [file "/usr/local/lsws/conf/modsec/comodo/modsecurity.conf"] [line "68"] [id "200004"] [rev ""] [msg "Multipart parser detected a possible unmatched boundary."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "WPsite.com"] [uri "/wp-admin/admin.php"] [unique_id "1645378603"] [ref "v4081,1"]
Rule 200004 in comodo/modsecurity.conf is triggering the 403, so I tried to deactivate it with this line in WPsite’s .htaccess:
SecRuleRemoveById 200004
However, nothing’s changed, so I’m wondering if this Apache fix isn’t being read by OLS, and maybe I need to input the line using CP’s Rewrite Rules?
I haven’t seen a lot of discussion online about using ModSecurity with CP and OLS, so I thought I’d post this to find out if other WP admins are using ModSec and running into false positives (403) when changing their plugin settings in the backend?
Thanks for any thoughts …
– Dave
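
Added example, not part of the original post: a small Python triage script that parses ModSecurity denial lines of the shape shown above and counts them per rule id, matched variable and URI, so you can see whether a rule only misfires on specific admin paths before deciding how narrowly to exclude it. The sample lines are constructed (documentation IP addresses, placeholder rule id 999999), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry in the post. IPs are
# documentation addresses; rule id 999999 is a placeholder, not a real rule.
SAMPLE_LOG = '''\
2022-02-20 17:36:43.456240 [INFO] [1291] [192.0.2.10:41364#WPsite.com] [Module:mod_security]Log Message: [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_UNMATCHED_BOUNDARY' (Value: `2' ) [file "/usr/local/lsws/conf/modsec/comodo/modsecurity.conf"] [line "68"] [id "200004"] [msg "Multipart parser detected a possible unmatched boundary."] [uri "/wp-admin/admin.php"]
2022-02-20 17:38:02.112000 [INFO] [1291] [192.0.2.10:41370#WPsite.com] [Module:mod_security]Log Message: [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Eq’ with parameter 0’ against variable MULTIPART_UNMATCHED_BOUNDARY’ (Value: 2’ ) [line “68”] [id “200004”] [uri “/wp-admin/admin.php”]
2022-02-20 17:39:10.500000 [INFO] [1291] [192.0.2.10:41380#WPsite.com] [Module:mod_security]Log Message: [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Rx' with parameter `x' against variable `ARGS:q' (Value: `y' ) [id "999999"] [uri "/search"]
2022-02-20 17:40:01.000000 [NOTICE] [1291] unrelated server message
'''

# Forum software often turns straight quotes into curly ones; normalise first.
_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})
_FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')        # [id "200004"], [uri "..."]
_VARIABLE = re.compile(r"against variable\s+[`']?([\w:.-]+)")
_CLIENT = re.compile(r"\[client ([^\]]+)\]")

def parse_denial(line):
    """Return the fields of one ModSecurity denial, or None for other lines."""
    line = line.translate(_QUOTES)
    if "ModSecurity: Access denied" not in line:
        return None
    rec = dict(_FIELD.findall(line))
    var = _VARIABLE.search(line)
    client = _CLIENT.search(line)
    rec["variable"] = var.group(1) if var else ""
    rec["client"] = client.group(1) if client else ""
    return rec

def summarize(log_text):
    """Count denials per (rule id, matched variable, URI)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            hits[(rec.get("id", "?"), rec["variable"], rec.get("uri", "?"))] += 1
    return hits

if __name__ == "__main__":
    for (rule, var, uri), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  rule {rule:<7} {var:<30} {uri}")
```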