Mod Security – Common known problems

Home Forums BulletProof Security Pro Mod Security – Common known problems

This topic contains 2 replies, has 2 voices, and was last updated by  AITpro Admin 4 months, 2 weeks ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #33624

    AITpro Admin
    Keymaster

    Mod Security is something that is installed on your web host server and can usually be accessed in your web host control panel if your web host offers that capability.  Mod Security uses SecRules and SecFilters, which are very similar to BPS htaccess security rules.  On some web hosts you can disable and enable individual Mod Security SecRules and SecFilters.  On other web hosts you only have the option to enable or disable Mod Security entirely.  To prevent Mod Security from causing any one of the common known problems below you would either remove/disable the individual Mod Security SecRule or SecFilter in your web host control panel that is causing the problem or if your web host does not offer that capability then you would need to Disable Mod Security in your web host control panel.

    If you are not sure how to disable individual Mod Security SecRules and SecFilters or disable Mod Security entirely in your web host control panel then contact your web host support and ask them to look at your server logs for Mod Security errors.  The Mod Security errors will tell you which Mod Security SecRules and SecFilters are causing problems for WordPress, Plugins, Themes and the BPS and BPS Pro plugins and need to be disabled.

    Explanation for the recent Mod Security issues/problems starting around January 2017:
    cPanel added Mod Security as a new feature back around January 2017. So what we suspect is happening is that as web hosts worldwide upgrade cPanel to the new cPanel version that includes the Mod Security feature then the Mod Security SecRules and/or SecFilters that have been created by default by cPanel for Mod Security are causing various problems for BPS, WordPress, other plugins, themes, etc. What is important to note is that the default SecRules and SecFilters that come with Mod Security do not cause the wide variety of problems for WordPress, Plugins, Themes and the BPS and BPS Pro plugins that we have been seeing for 1+ years now.

    List of common known Mod Security problems:
    Notes:  This is not a complete list of common known Mod Security problems.  We estimate that there are 100’s if not 1,000’s of problems for WordPress, Plugins and Themes caused by the new cPanel Mod Security SecRules and SecFilters that ship with newer versions of cPanel. 

    Important Reminder: If you see the BPS Mod Security Module is Loaded|Enabled Dismiss Notice it is does not necessarily mean these problems will occur on your website/server.  The Mod Security problems are caused by certain Mod Security SecRules and/or SecFilters and not Mod Security itself.

    Unable to install plugins or themes using the WordPress Upload Zip installer – 403, 404 or 500 error or no errors and nothing works/happens.
    Unable to login or logout of your website – 403, 404 or 500 error or no errors and nothing works/happens.
    Unable to save Root or wp-admin htaccess custom code using the BPS Custom Code forms – 403, 404 or 500 error or no errors and nothing works/happens.
    Unable to save htaccess code using the BPS htaccess File Editor – 403, 404 or 500 error or no errors and nothing works/happens.
    Unable to View, Restore or Delete files in BPS Pro Quarantine – 403, 404 or 500 error or no errors and nothing works/happens.

    Related Forum Topics:
    https://forum.ait-pro.com/forums/topic/error-404-page-not-found-on-activation/
    https://forum.ait-pro.com/forums/topic/wp-login-page-redirects-to-403-bps-error-page/
    https://forum.ait-pro.com/forums/topic/403-error-after-upgrading-to-version-49-3/

    #35324

    mike
    Participant

    I been having this problem on all my site! how do I fix it?

    #35325

    AITpro Admin
    Keymaster

    Please read the help info in the beginning of this forum topic for how to fix the Mod Security problems.  Also we have added a new check for Mod Security on the BPS System Info page if you would like to verify/confirm that Mod Security is Loaded|Enabled.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded
    403: mod_security2 Module is Loaded|Enabled

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.