CyberHosting

Mod Security Causing ADMIN-AJAX.PHP 403 Errors

Hi, I started getting 403 errors from admin-ajax.php, and I traced it down to Mod Security. When I disable mod security, the error goes away.

I installed the OWASP rules pack.

Are the any specific rules I need to use to prevent this?

Thanks!
Tagged:
Tagged:

Comments

  • I just noticed that Cyberpanel doesn't include the OWASP WordPress rules that were added in v3.0 as found here:

    https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

    Is there a reason these rules weren't added? Can I add them manually, or willl you add them in an update?

    Thanks!
  • CP comes with basic rules after that you need to manage yourself
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • Thank you. If I want to add the WordPress rules I linked to above, where should I put the file?
  • Mod sec is a openlitespeed config so follow

    https://openlitespeed.org/kb/openlitespeed-modsecurity-module/#Enabling_OWASP_ModSec_30_rule_set_on_OLS

    As a guess it would be the same process
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • Thanks I'll try it
  • @harvey any progress with modsecurity and 403
  • @opencode Nothing yet, still looking into it. I'll update here if I make any progress
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!