I’m running CP on Ubuntu 20.04 to host WordPress sites via OLS. I have ModSecurity as server firewall with the Comodo rules set. ModSec + Comodo are generally doing a good job, but I am seeing isolated false positives in WooCommerce and Rank Math, when attempting to save plugin settings changes.
Here’s a log entry (URL modified to ‘WPsite.com’):
Rule 200004 in comodo/modsecurity.conf is triggering the 403, so I tried to deactivate it with this line in WPsite’s .htaccess:
SecRuleRemoveById 200004
However nothing’s changed, so I’m wondering if this Apache fix isn’t being read by OLS, and maybe I need to input the line using CP’s Rewrite Rules?
I haven’t seen a lot of discussion online about using ModSecurity with CP and OLS, so I thought I’d post this to find out if other WP admins are using ModSec and running into false positives (403) when changing their plugins settings in the backend?
Go cyberpanel and see error logs or server logs (I dont remenber which one) look what rule number blocking and then go security|modsecurity rule packs| configure and disable that rule
Thank you for your replies. I’ve continued to work toward removing a single Comodo rule. Here’s a quick update, and my question:
I’ve tested and can confirm that you are both correct - disabling a Comodo file immediately stops my false positives.
However, there are lots of rules in each one of those files. So disabling an entire file effectively removes lots of rules. It’s overkill.
From the logs, I know the rule that I want to remove. I’ve tried this code in both the site’s .htaccess file and CP’s Websites → Manage → Rewrite Rules page, like this:
I also tried to whitelist my own IP, like this (x’s = my IP address):
SetEnvIfNoCase REMOTE_ADDR ^xxx.xxx.xxx.xxx$ MODSEC_ENABLE=Off
But these lines of code in .htaccess / Rewrite Rules don’t seem to change anything.
I’m thinking that either I am misunderstanding what OLS will process in .htaccess, or maybe there is a setting in WebAdmin that I need to adjust to get OLS to process these instructions?
My question is, am I going about this the right way (via .htaccess / CP Rewrite Rules)? There is plenty of documentation out there for disabling a ModSec rule under CentOS / Apache. I’m sure there must be a way to do this under Ubuntu / OLS, but I seem to be missing it. Maybe it’s just a small syntax difference between Apache and OLS instructions?