Issue Using atomic corp rules for modsecurity but updating page via elementor doesn't work and gives internal server error.

[hamza-24]

Server operating system version

centOS 7

Plesk version and microupdate number

18.0.56 #4

Hey everyone
i have enabled modesecurity for my website using atomic corp rules.
but when I update something on website using elementor keeping modsec on it gives me internal server error.
if I turn off modsec and update it works fine.
but I want to resolve this with modsec on.
your help will be highly regarded

 

[Peter Debik]

When ModSecurity steps in, it logs a 403 error to the error_log of the domain. Such an entry looks similar to

[client <IP Adresse>] ModSecurity: [file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "258"] [id "33350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:actions" required. [hostname "<Domain>"] [uri "/wp-admin/admin-ajax.php"] [unique_id "YGd3IS-RaDMGEBt0BJbDcABAAAn"], referer: https:// <Domain>/wp-admin/post.php?post=24&action=elementor

You can see the

... ne "258"] [id "33350147"] [rev "1 ...

[id ...] section in that message. This is the id of a rule that is applied that leads to the 403 error. You can copy the rule id and add it as an exception to the "Web Application Firewall" exceptions. This way you can leave ModSecurity on while the rules that previously caused the permission ban error on your website won't apply any longer.