• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved ModSecurity and WordPress

M

MicheleB

Regular Pleskian
Hello,
every time I'm loggin on a WordPress installation I receive a lot of errors on ModSecurity audit log, for example:
Code: 
[client {IP}] ModSecurity: Warning. Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "124"] [id "33308"] [msg "IM360 WAF: Successfull WordPress login||T:APACHE||"] [tag "service_i360"] [tag "noshow"] [hostname "{wordpress url}"] [uri "/wp-login.php"] [unique_id "CdfRREssTgxxWAiife"], referer: https://{url}/wp-login.php

Is a normal behaviour or do I need to change something on Web Application Firewall?
Are there recommended settings for WordPress?
2020-04-17_22-02-03.png
 
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
 
Yes, I've tried with more browsers (Safari, Chrome, Firefox), with cookies cleared, with anonymous navigation, with different WP users, with different WP installations, etc... but on the error log of Web Application Firewall I always see the above "warning" for each login process.
The login process works good, I receive none error on the browser but I don't know if ModSecurity works good or have something configuration missing.
 
IgorG said:
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
Click to expand...


If I deactivate "service_i360" the login's errors disappear... what is "service_i360" and is safe to have it disabled?
2020-04-22_19-01-26.png
 
You must log in or register to reply here.

Similar threads

L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
391
loman
L
P
Issue my website not rendering in some countries due to modsecurity
Replies
0
Views
859
pointsriver
P
P
Question my website not rendering in some countries due to modsecurity
Replies
0
Views
738
pointsriver
P
Q
Issue mod security settings for nextcloud works only fo several hours
Replies
0
Views
1K
Quit96
Q
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
1K
Linulex
Linulex
Back
Top