• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved ModSecurity and WordPress

M

MicheleB

Regular Pleskian
Hello,
every time I'm loggin on a WordPress installation I receive a lot of errors on ModSecurity audit log, for example:
Code: 
[client {IP}] ModSecurity: Warning. Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "124"] [id "33308"] [msg "IM360 WAF: Successfull WordPress login||T:APACHE||"] [tag "service_i360"] [tag "noshow"] [hostname "{wordpress url}"] [uri "/wp-login.php"] [unique_id "CdfRREssTgxxWAiife"], referer: https://{url}/wp-login.php

Is a normal behaviour or do I need to change something on Web Application Firewall?
Are there recommended settings for WordPress?
2020-04-17_22-02-03.png
 
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
 
Yes, I've tried with more browsers (Safari, Chrome, Firefox), with cookies cleared, with anonymous navigation, with different WP users, with different WP installations, etc... but on the error log of Web Application Firewall I always see the above "warning" for each login process.
The login process works good, I receive none error on the browser but I don't know if ModSecurity works good or have something configuration missing.
 
IgorG said:
I am not sure, but it seems like some pattern in cookies:

Pattern match "^wordpress_logged_in_" at RESPONSE_HEADERS:Set-Cookie.

Have you tried to check the issue with another browser or clear cookies?
Click to expand...


If I deactivate "service_i360" the login's errors disappear... what is "service_i360" and is safe to have it disabled?
2020-04-22_19-01-26.png
 
You must log in or register to reply here.

Similar threads

L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
10K
loman
L
P
Issue my website not rendering in some countries due to modsecurity
Replies
0
Views
1K
pointsriver
P
P
Question my website not rendering in some countries due to modsecurity
Replies
0
Views
1K
pointsriver
P
Q
Issue mod security settings for nextcloud works only fo several hours
Replies
0
Views
2K
Quit96
Q
A
Question Plesk IM360 and ModSec
Replies
6
Views
5K
jbeltran73
J
Back
Top