CyberHosting

OWASP & Comodo - Unable to load WP themes, Plugins and upload images

edited January 14 in General Discussion
Not sure if this is a bug, but after enabling one of the ModSec Rule Package. I am not able to load the mentioned issue in the title. Is anyone having the same issue? The issue goes away if I turned off ModSecurity.conf from comodo rules pack. No console error from the wp-admin..

Any help is much appreciated. Thanks
Tagged:
Tagged:

Comments

  • You need to find out which rule (and rule file) is being triggered if any from ModSecurity Audit log.

    https://cyberpanel.net/docs/log-files-on-cyberpanel/
  • Thanks for the reply. Not sure about how to edit the rules. HTTP_HTTP.conf is off but not sure what to edit or remove under secrule id "210710"

    CWAF Log file

    Matched "Operator `PmFromFile' with parameter `userdata_wl_content_type' against variable `TX:0' (Value: `application/x-www-form-urlencoded' ) [file "/usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf"] [line "13"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.
  • I have the same issue I see on the log this. No JSON object could be decoded.
    I am not able to upload plugins unless I disabled both mod security.
  • @okgoogle kindly submit a support ticket.
  • i have done a full install and it still had the same issues. you cannot upload plugins in wordpress. You get a 404 error.
  • still waiting on litespeed support but it looks like something went wrong someplace in some version.
  • Still having this issue in OLS 1.4.45 and Cyberpanel 1.8.1
  • edited May 9
    Just in case anyone else runs into an issue of not being able to upload to WordPress. This is a problem with a specific modsecurity rule in modsecurity.conf. Rather than disable the entire pack, you can just comment out the single rule and leave the others in place.

    This file can be edited here:
    sudo vi /usr/local/lsws/conf/modsec/owasp/modsecurity.conf

    Comment out the rule:
    #SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    #"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"

    (it's multiline, so comment out both lines)

    Restart litespeed, and uploads should now work.
  • Realizing that may not be the best way to disable an individual rule. I am not finding where to add "SecRuleRemoveById XXXXXX" to anything. It's not working to add it to the rules.conf.
  • So under Security -> ModSecurity Rules, adding comma separated "SecRuleRemoveById" entries actually works, however, I had to delete the default entry that was there for this to work. Not sure if there's a bug.

    I have to run only comodo, using OWASP, was having a lot of issues with things not working in WordPress, with nothing getting logged.
  • @boon4376

    You might also want to run an upgrade as well, as we recently made some fixes to ModSecurity. But for the rules thing, it is very complex and recommended to only enable one rule-pack at a time.

    If you are not very expert, it is not recommended to play with rules, however, disabling/enabling certain file is OK.
  • im not able to get past the admin-login page on wordpress with modsecurity enabled, and i have a similar situation with ghost docker container where im not able to upload/change content without disabling modsecurity , what am i doing wrong?
Sign In or Register to comment.
CyberHosting CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!