• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved ModSecurity and WordPress

M

MicheleB

Regular Pleskian
Hello,
every time I'm loggin on a WordPress installation I receive a lot of errors on ModSecurity audit log, for example:
Code: 
[client {IP}] ModSecurity: Warning. Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "124"] [id "33308"] [msg "IM360 WAF: Successfull WordPress login||T:APACHE||"] [tag "service_i360"] [tag "noshow"] [hostname "{wordpress url}"] [uri "/wp-login.php"] [unique_id "CdfRREssTgxxWAiife"], referer: https://{url}/wp-login.php

Is a normal behaviour or do I need to change something on Web Application Firewall?
Are there recommended settings for WordPress?
2020-04-17_22-02-03.png
 
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
 
Yes, I've tried with more browsers (Safari, Chrome, Firefox), with cookies cleared, with anonymous navigation, with different WP users, with different WP installations, etc... but on the error log of Web Application Firewall I always see the above "warning" for each login process.
The login process works good, I receive none error on the browser but I don't know if ModSecurity works good or have something configuration missing.
 
IgorG said:
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
Click to expand...


If I deactivate "service_i360" the login's errors disappear... what is "service_i360" and is safe to have it disabled?
2020-04-22_19-01-26.png
 
You must log in or register to reply here.

Similar threads

P
Issue my website not rendering in some countries due to modsecurity
Replies
0
Views
664
pointsriver
P
P
Question my website not rendering in some countries due to modsecurity
Replies
0
Views
557
pointsriver
P
Q
Issue mod security settings for nextcloud works only fo several hours
Replies
0
Views
780
Quit96
Q
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
464
Linulex
Linulex
N
Resolved ModSecurity / WCF call / 403
Replies
2
Views
1K
newbe
N
Back
Top