Using mod_security2 with WordPress

Get latest premium WordPress themes information, discount coupon or offer by premium themes providers

Using mod_security2 with WordPress

July 11, 2013 WordPress KB 0

ModSecurity is an open source web application firewall which prevent attacks for your websites however if the rules are not configured properly, the legit URLs may be blocked by mod_security rules.

Recently I received few errors “405 Method Not Allowed” and “406 Not Acceptable” while accessing my WordPress admin area. After investigating, I found that Mod_security2 rules were causing this problem. To fix this problem, I created global whitelist configuration file (/usr/local/apache/conf/modsec2/whitelist.conf – this may be different for you depending on your installation) and bypassed some rules for WordPress admin area as follow:

<LocationMatch “/wp-admin/post.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch “/wp-admin/admin-ajax.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch “/wp-admin/page.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch “/wp-admin/options.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch “/wp-admin/theme-editor.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch “/wp-includes/”>
SecRuleRemoveById 960010 960012 950006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>

You can enable/disable additional rules as per your requirement.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.