ModSecurity, sometimes called Modsec, is an Apache module and open-source web application firewall which helps to protect your website from various attacks and exploits.
However, it can also sometimes block legitimate requests, resulting in a 406 error when trying to complete a specific action or access a web page. While disabling ModSecurity will prevent these errors, it is not recommended to do so.
Instead, the preferred solution is to disable the specific ModSecurity rule that is causing the issue. Here we cover the steps to determine and disable a ModSecurity rule that is inhibiting website functionality on your VPS or Dedicated server.
Related Articles
How to SSH into VPS or Dedicated Servers
Enable/Disable ModSecurity Using cPanel
Check Apache Error Log
Disable ModSec Rule
IMPORTANT: This solution will require root access. If this needs to be obtained, follow the guide on requesting root access.
- Review your Apache error log for a line similar to the following example
[Wed Nov 13 xx:xx:xx.xx xxxx] [:error] [pid 27189] [client xx.xx.xx.xx:xxxxx] [client xx.xx.xx.xx] ModSecurity: Access denied with code 406 (phase 2). Operator GE matched 1 at TX:brute. [file "/etc/apache2/conf.d/imh-modsec/40_wordpress.conf"] [line "27"] [id "13052"] [msg "POST to wp-login.php without redirect_to"] [severity "WARNING"] [tag "WEB_ATTACK/SHELL ACCESS"] [hostname "domain.com"] [uri "/wp-login.php"] [unique_id "Xcw0ipq6HORiGQf95hXF2gAAAAs"], referer: https://domain.com/wp-login.php
- Locate the ID
EXAMPLE: In the example log entry from step 1, the information we are looking for is [id "13052"]. - Log into Root WHM
- Expand the Service Configuration drop-down and select Apache Configuration
- Click Include Editor
- Under Pre VirtualHost Include, select All Versions from the drop-down
- Add the following, replacing [id] with the ID of the rule found in the Apache error log
SecRuleRemoveById [id]
EXAMPLE: SecRuleRemoveById 13052
- Click the Update button
- Click the Restart Apache button
Comments
0 comments
Article is closed for comments.