Mod Security Causing ADMIN-AJAX.PHP 403 Errors

harvey

Hi, I started getting 403 errors from admin-ajax.php, and I traced it down to Mod Security. When I disable mod security, the error goes away.

I installed the OWASP rules pack.

Are the any specific rules I need to use to prevent this?

Thanks!

harvey

I just noticed that Cyberpanel doesn't include the OWASP WordPress rules that were added in v3.0 as found here:

https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

Is there a reason these rules weren't added? Can I add them manually, or willl you add them in an update?

Thanks!

harvey

Thank you. If I want to add the WordPress rules I linked to above, where should I put the file?

harvey

Thanks I'll try it

opencode

@harvey any progress with modsecurity and 403

harvey

@opencode Nothing yet, still looking into it. I'll update here if I make any progress

harvey

I uncommented Rule REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf in /usr/local/lsws/conf/modsec/owasp/crs-setup.conf (Around line 300) and I had to reset my server, and it seems to be working.

@hennaboy Why isn't this rule visible on the MODSECURITY RULES PACKAGES page?

harvey

Also, I noticed that the modsec log at /usr/local/lsws/logs/modsec.log is 8.5GB! Does this log not get cleared? Do I have to delete it manually? @hennaboy

inside83

@harvey any update?

harvey

@inside83 I tried playing around with it for a while, even enabling the WordPress rules pack, but I was never able to get it to work correctly. Also, I wasn't really able to understand the logs to see which rules were triggered so I can disable them. For now I turned off ModSec.