I would like to adapt the administration urls of my wordpress site so that they work with modsecurity rules. Indeed, I use a waf which manages incoming traffic. Modsecurity is installed on waff. Also, I don't have access to this waf, just to my back server. I use apache
administer wordpress despite 406 blocks from modsecurity
105 views Asked by Christian Metge At
1
There are 1 answers
Related Questions in PHP
- How to add the dynamic new rows from my registration form in my database?
- Issue in payment form gateway
- How to create a facet for WP gridbuilder that displays both parent and child custom fields?
- Function in anonymous Laravel Blade component
- How to change woocomerce or full wordpress currency with value from USD to AUD
- General questions about creating a custom theme Moodle CMS
- How to add logging to an abstract class in php
- error 500 on IIS FastCGI but no clue despite multiple error loggings activated
- Composer installation fails and reverts ./composer.json and ./composer.lock to original content
- How to isolate PHP apps from each other on a local machine(Windows or Linux)?
- Laravel: Using belongsToMany relationship with MongoDB
- window.location.href redirects but is causing problems on the webpage
- Key provided is shorter than 256 bits, only 64 bits provided
- Laravel's whereBetween method not working with two timestamps
- Implementing UUID as primary key in Laravel intermediate table
Related Questions in WORDPRESS
- How to add the dynamic new rows from my registration form in my database?
- Wordpress Site - pages have low text-HTML ratio
- wordpress delete unwanted location
- How to create a facet for WP gridbuilder that displays both parent and child custom fields?
- How to change woocomerce or full wordpress currency with value from USD to AUD
- error 500 on IIS FastCGI but no clue despite multiple error loggings activated
- Caching private wordpress rest endpoints
- How do i get my close button to work on a popup?
- SQL query to get student enrolled in this month in a course - Moodle
- What wordpress plugin prevent sharing of contact information amongst users?
- Password protected or private URL one-time viewable video access
- Download button not working in wordpress website. How can solve it?
- WP toolkit problem after deleting wordpress site manually
- TypeError: Failed to execute 'arrayBuffer' on 'Blob': Illegal invocation - Insert blob into database
- New Order Email Details Missing // Woocommerce / Woocommerce Bookings
Related Questions in MOD-SECURITY2
- Fine-tuning mod_security rule 942100
- How to prevent duplicate requests in apache2
- Getting ModSecurity: Access denied with code 44 on Laravel Form Submit
- How do I use ModSecurity's transformation function to encode the request_body
- Modsecurity block Google tag manager iframe
- Modsecurity Custom Lua Rule Not Capturing REQUEST_HEADERS
- Modsecurity block access from all countries except from a specific IP or specific remote host
- Keycloak with mod-security
- How to block based on request content to a specific file?
- Allow Mod-Security for request uri
- How to install Modsecurity 2.9.6 on Debian 11 with Apache2?
- `http.service` fail to start with `exit-code` or `protocol`
- Modsecurity V3.0: OpenLiteSpped how to block cookie
- administer wordpress despite 406 blocks from modsecurity
- configure: error: unrecognized option: `--add-dynamic-module=/usr/local/src/ModSecurity-nginx'
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
CRS dev-on-duty here. You're probably talking about OWASP Core Rule Set rules. This ruleset is often used for ModSecurity WAFs. The Core Rule Set offers a Wordpress exclusion package that should help you fight with false positives. You can activate this exclusion package in your crs-setup.conf.
However, a blocked request is normally not blocked with an HTTP status 406, but with a HTTP status 403. So it's probably not the WAF that raises your error.
I'd like to support you find out if it's the WAF that blocks you, but unfortunately, you did not include enough information for us to actually help you.
Please provide the following if possible:
ATTENTION: When submitting logs, please remove all personal information like IP addresses, hostnames, passwords, etc. We'll be happy to have a look afterwards. CRS dev-on-duty.