ModSec Issue - Login with Google trigger 403

*Server Setup: Latest Cyberpanel+Openlitespeed+ModSec (OWASP Core Rule Set activate from cyberpanel).

*Problem: Login with Google trigger 403.

  • To fix the issue I add this code with Default CP ModSec Rules(as the photo):
    <locationmatch “/my-account/google/oauth2callback*”>
    SecRuleRemoveById 949110

But No Luck!!

Here is the error log:

2024-01-29 12:32:20.537518 [INFO] [4300] [] [Module:mod_security]Intervention status code triggered: 403
2024-01-29 12:32:20.537568 [INFO] [4300] [] [Module:mod_security]Log Message: [client] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Ge' with parameter 5’ against variable TX:ANOMALY_SCORE' (Value: 5’ ) [file “/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf”] [line “80”] [id “949110”] [rev “”] [msg “Inbound Anomaly Score Exceeded (Total Score: 5)”] [data “”] [severity “2”] [ver “OWASP_CRS/3.3.2”] [maturity “0”] [accuracy “0”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-generic”] [hostname “”] [uri “/my-account/google/oauth2callback”] [unique_id “170650274014.446625”] [ref “”]

*** Is there any good soul to help me ?

Is thie the case with you ?

Hello sir, thanks for your response.

My problem is different from what you mentioned. I don’t access CyberPanel from any proxy and my CyberPanel Dashboard, Menus, Options and everything else are OK.

(I am using OWASP Core Rule Set activate from cyberpanel )

**** My problem is that I don’t know how to disable some specific ModSec Rule IDS. CyberPanel has option to disable specific RULE GROUP (such as 900, 901, 905 etc). But it is very dangerous from Security point of view !!**

**** Sir you know that, every server host many domains. Even some host hundreds. That’s why disabling one RULE Group is Dangerous and is not practical for Security Reasons.**

**** The practical solution for “MODSEC TRIGGER 403 ISSUE” is to DISABLE SPECIFIC RULE IDS (such as 950109, 950901, 958291) just for SPECIFIC DOMAIN.**

**** my question is that, How to DISABLE SPECIFIC RULE IDS just for SPECIFIC DOMAIN. I know that, It can be done by adding code on :8090/firewall/modSecRules. But I don’t know the code for CyberPanel. Please HELP…

OK. I understand the problem now.

Open a ticket here:

Provide the site where google login is having issues, also provider access to CyberPanel.

I will have to see how we can get around this problem.

Hello Sir, as per your instruction, I create a ticket on

Please Investigate.

ticket id ?


ok let me check

I added this and it seems to go through

SecRuleRemoveById 930120
SecRuleRemoveById 949110

Hello Sir, many many thanks to you.

Issue Solved.