administer wordpress despite 406 blocks from modsecurity
Question
I would like to adapt the administration urls of my wordpress site so that they work with modsecurity rules. Indeed, I use a waf which manages incoming traffic. Modsecurity is installed on waff. Also, I don't have access to this waf, just to my back server. I use apache
1 answers
solution1
0 2022-08-07 17:37:43
CRS dev-on-duty here. You're probably talking about OWASP Core Rule Set rules. This ruleset is often used for ModSecurity WAFs. The Core Rule Set offers a Wordpress exclusion package that should help you fight with false positives. You can activate this exclusion package in your crs-setup.conf .
However, a blocked request is normally not blocked with an HTTP status 406, but with a HTTP status 403. So it's probably not the WAF that raises your error.
I'd like to support you find out if it's the WAF that blocks you, but unfortunately, you did not include enough information for us to actually help you.
Please provide the following if possible:
- Full alert message (ideally send us the full audit log of the request)
- Web server and version or the platform you are using
- ModSecurity version
- CRS version
ATTENTION: When submitting logs, please remove all personal information like IP addresses, hostnames, passwords, etc. We'll be happy to have a look afterwards. CRS dev-on-duty.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.