CyberHosting

Mod Security Causing ADMIN-AJAX.PHP 403 Errors

harveyharvey
in General Discussion
Hi, I started getting 403 errors from admin-ajax.php, and I traced it down to Mod Security. When I disable mod security, the error goes away.

I installed the OWASP rules pack.

Are the any specific rules I need to use to prevent this?

Thanks!
Tagged:
Tagged:
Share on Facebook

Comments

  • harveyharvey
    I just noticed that Cyberpanel doesn't include the OWASP WordPress rules that were added in v3.0 as found here:

    https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

    Is there a reason these rules weren't added? Can I add them manually, or willl you add them in an update?

    Thanks!
    Share on Facebook
  • hennaboyhennaboy
    CP comes with basic rules after that you need to manage yourself
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
    Share on Facebook
  • harveyharvey
    Thank you. If I want to add the WordPress rules I linked to above, where should I put the file?
    Share on Facebook
  • hennaboyhennaboy
    Mod sec is a openlitespeed config so follow

    https://openlitespeed.org/kb/openlitespeed-modsecurity-module/#Enabling_OWASP_ModSec_30_rule_set_on_OLS

    As a guess it would be the same process
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
    Share on Facebook
  • harveyharvey
    Thanks I'll try it
    Share on Facebook
  • opencodeopencode
    @harvey any progress with modsecurity and 403
    Share on Facebook
  • harveyharvey
    @opencode Nothing yet, still looking into it. I'll update here if I make any progress
    Share on Facebook
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Categories

In this Discussion