Facebook
Twitter
Since yesterday we are seeing several support cases were customers are locked out of their websites by fail2ban as it reacts to a ModSecurity 403 error. That is caused by rule 222212 in Wordpress installations, for example as follows:
This seems to be occuring in several customer installations. It is always the 27_Apps_WPPlugin.conf that is complaining and always the 222212 rule. Customers are reporting that they were editing their websites while suddenly they are locked out. So actually, they are not doing anything harmful.
The solution of course is to exclude rule 222212 from Web Application Firewall (ModSecurity), but the question is: Why is this suddenly happening and who needs to do something about it? It cannot stay this way, because it means that likely a major part of Wordpress users will be affected and sooner or later lock themselves out by simply working on their websites.
Code:
[client 77.123.123.12] ModSecurity: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "3792"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "<domainname>"] [uri "/wp-admin/edit-comments.php"] [unique_id "Xn5TaY9yZoW9kX79a6a2gAAABBE"], referer: https://<domainname>/wp-admin/edit.php?ids=1The solution of course is to exclude rule 222212 from Web Application Firewall (ModSecurity), but the question is: Why is this suddenly happening and who needs to do something about it? It cannot stay this way, because it means that likely a major part of Wordpress users will be affected and sooner or later lock themselves out by simply working on their websites.
Last edited:
