Hi, I started getting 403 errors from admin-ajax.php, and I traced it down to Mod Security. When I disable mod security, the error goes away.
I installed the OWASP rules pack.
Are the any specific rules I need to use to prevent this?
Thanks!
Hi, I started getting 403 errors from admin-ajax.php, and I traced it down to Mod Security. When I disable mod security, the error goes away.
I installed the OWASP rules pack.
Are the any specific rules I need to use to prevent this?
Thanks!
I just noticed that Cyberpanel doesn’t include the OWASP WordPress rules that were added in v3.0 as found here:
Is there a reason these rules weren’t added? Can I add them manually, or willl you add them in an update?
Thanks!
Thank you. If I want to add the WordPress rules I linked to above, where should I put the file?
Thanks I’ll try it
@inside83 I tried playing around with it for a while, even enabling the WordPress rules pack, but I was never able to get it to work correctly. Also, I wasn’t really able to understand the logs to see which rules were triggered so I can disable them. For now I turned off ModSec.
Solution:
Go to: Cyber Panel → Security → ModSecurity Rules
Then paste this rules:
<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</locationmatch>
Save! That’s all.