Skip to main content

Question related Wordpress & ModSecurity ?

Answered

Comments

5 comments

  • Hi,

     

    If a ModSecurity rule is preventing your plugin from functioning properly, it is possible to disable the ModSecurity rule, or even disable the use of ModSecurity for the entire domain with the use of the ModSecurity Domain Manager feature. 

     

    When you uncheck the "Enable Rule" box, then restart Apache, it would disable the ModSecurity rule in question. I suggest monitoring the Apache error log while you reproduce the issue with the plugin to verify which ModSecurity rules are being triggered.

     

    Regarding the ConfigServer ModSec Control feature, this isn't something that we develop or support. It does appear that the DirectoryMatch feature functions in the way you said, in that you can exclude a directory path from ModSecurity. However, if you were facing issues with this feature, I suggest reaching out to the CSF Forums.

    1
  • Alex Vinsso

    Hey William, thx alot for reply

    -> i don't actually want to disable ModSecurity because if am not wrong it's good tool to secure website

    -> regarding appache error log, where exactly i will find them, if you can mentionne exactl path/place where to find log regarding this, (i don't have good knowledge am sorry) because in case issue happened i really want to know if a rule actually do this issue

    -> DirectoryMatch feature will be last thing i will do in case first option didn't work (Disable rule)

    btw please correct me if am wrong, regarding DirectoryMatch in case i want to test it,

    This is how looks like in WHM option:


    New DirectoryMatch
    ____________
    ^/home/Lorenzo/public_html/wp-admin/...

    in case i want to add this plugin to exclusion, this is path of plugin via cpanel "public_html/wp-content/plugins/ads_network"

    and inside "/ads_network" folder there is 3 php file related to the plugin
    ads.php
    index.php
    uninstall.php

    now lets back to DirectoryMatch of ModSecurity, am supposed to put path of each of php files or just folder ipath s enough ?


    ^/home/Lorenzo/public_html/wp-content/plugins/ads_network/  (btw is their difference if i let it "/ads_network" without (/) and /ads_network/" ?


    or i must put all php files directory instead of /ads_network directory, which mean

    ^/home/Lorenzo/public_html/wp-content/plugins/ads_network/ads.php
    ^/home/Lorenzo/public_html/wp-content/plugins/ads_network/index.php
    ^/home/Lorenzo/public_html/wp-content/plugins/ads_network/uninstall.php

    sorry for taking your time guys and thx alot for your help! sry for my bad english as well

    0
  • Hi,

     

    The following article details where to find the Apache error log:

    Where can I find the Apache error log

     

    Regarding the DirectoryMatch option, I'd suggest trying to include the directory to the ads_network plugin, but not the files within the directory itself. For example:

     

     /home/cPaneluser/public_html/wp-content/plugins/ads_network/

     

    With that said, please note that this feature is developed by CSF, so I do not have as much experience with it. If you experience further issues with getting the DirectoryMatch feature to work as expected, reaching out to the CSF forums would be best as they are more knowledgeable with their product. 

     

     

    1
  • Alex Vinsso

    Thx alot man for your help! i will try it as soon as i notice the issue again! i will try to update this thread with any news

     

    thx again and have a great weekend

    0
  • Hi,

     

    You're most welcome for the assistance and I hope you have a great rest of your weekend as well! 

    0

Please sign in to leave a comment.