Can't Manage website after enabling Modsecurity

After enabling mod security when I am trying to go to website>list website>domain.com>manage

the url is dashboard.domain.com/website/domain.com

I am getting 403 forbidden error.

Hello @RitZz

  1. Have you diagnosed the issue on client side first?
  2. Did you add any modSec rules at https://SERVER_URL:8090/firewall/modSecRules?
  3. Set SecDebugLogLevel to 9 restart LSWS, visit said link and post contents of server’s error log

Mod sec rules


server error log

  1. Run command touch /usr/local/CyberCP/debug && reboot and reissue the ssl for hostname and post the contents of nano /home/cyberpanel/error-logs.txt

Let’s start from the beginning the error is 403 forbidden error after your enabled modsecurity.

  1. Check if you are using a VPN. disable it
  2. Clear browser cache
  3. Disable modsecurity to see if problem goes away. If it does we need to find out which rule file is conflicting and then turn off that specific rule file.
  4. In extreme cases check your server AV for possible infections (last resort if all fails)
  1. Tried with VPN as well as without. No difference.
  2. Cleared browser cache, incognito mode, different browser. no luck
  3. Disabling Modsecurity makes the problem go away. That’s how I am using the server rn
  4. Imunify360 says no infections detected.

Sorry didnt see this https://community.cyberpanel.net/uploads/default/original/2X/e/e2601dbafb058487deca8f4f7678c12b2d5c9961.png

One of those rules is causing that issue.

  1. Either disable one by one and see if the issue goes away or post the rules here I diagnose this for you

removed them all completely. added them from a different cyberpanel thread.

these rules were there by default and the problem still persists.

Reboot your server

Doesn’t help. 403 forbidden

Disable imunify360 and test

Not sure how to do that, In the control panel it only gives a button to access imunify 360

Run systemctl stop imunify-antivirus OR RHEL based service imunify-antivirus stop

imunify stopped. still 403-