OWASP & Comodo - Unable to load WP themes, Plugins and upload images

Not sure if this is a bug, but after enabling one of the ModSec Rule Package. I am not able to load the mentioned issue in the title. Is anyone having the same issue? The issue goes away if I turned off ModSecurity.conf from comodo rules pack. No console error from the wp-admin…

Any help is much appreciated. Thanks

You need to find out which rule (and rule file) is being triggered if any from ModSecurity Audit log.

Thanks for the reply. Not sure about how to edit the rules. HTTP_HTTP.conf is off but not sure what to edit or remove under secrule id “210710”

CWAF Log file

Matched "Operator PmFromFile' with parameter userdata_wl_content_type’ against variable TX:0' (Value: application/x-www-form-urlencoded’ ) [file “/usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf”] [line “13”] [id “210710”] [rev “5”] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.

I have the same issue I see on the log this. No JSON object could be decoded.
I am not able to upload plugins unless I disabled both mod security.

@okgoogle kindly submit a support ticket.

Done thanks

done as well

i have done a full install and it still had the same issues. you cannot upload plugins in wordpress. You get a 404 error.

still waiting on litespeed support but it looks like something went wrong someplace in some version.

Still having this issue in OLS 1.4.45 and Cyberpanel 1.8.1

Just in case anyone else runs into an issue of not being able to upload to WordPress. This is a problem with a specific modsecurity rule in modsecurity.conf. Rather than disable the entire pack, you can just comment out the single rule and leave the others in place.

This file can be edited here:
sudo vi /usr/local/lsws/conf/modsec/owasp/modsecurity.conf

Comment out the rule:
#SecRule MULTIPART_UNMATCHED_BOUNDARY “!@eq 0” \
#“id:‘200004’,phase:2,t:none,log,deny,msg:‘Multipart parser detected a possible unmatched boundary.’”

(it’s multiline, so comment out both lines)

Restart litespeed, and uploads should now work.

Realizing that may not be the best way to disable an individual rule. I am not finding where to add “SecRuleRemoveById XXXXXX” to anything. It’s not working to add it to the rules.conf.

So under Security → ModSecurity Rules, adding comma separated “SecRuleRemoveById” entries actually works, however, I had to delete the default entry that was there for this to work. Not sure if there’s a bug.

I have to run only comodo, using OWASP, was having a lot of issues with things not working in WordPress, with nothing getting logged.

@boon4376

You might also want to run an upgrade as well, as we recently made some fixes to ModSecurity. But for the rules thing, it is very complex and recommended to only enable one rule-pack at a time.

If you are not very expert, it is not recommended to play with rules, however, disabling/enabling certain file is OK.

im not able to get past the admin-login page on wordpress with modsecurity enabled, and i have a similar situation with ghost docker container where im not able to upload/change content without disabling modsecurity , what am i doing wrong?

I found a work around to get SecRuleRemoveById to work from in the cyberpanel Rules interface (Security → ModSecurity Rules). i.e. rules.conf file

I modified /usr/local/lsws/conf/httpd_config.conf and changed this line:
`
modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf

To:

modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf
`

I found out by putting SecRuleRemoveById in /usr/local/lsws/conf/httpd_config.conf before the and it worked so when I included the file /usr/local/lsws/conf/modsec/rules.conf within the my rules then began to work.