Website Security

ModSecurity Caused Some Problems For Me Recently


I recently had some issues on my ecommerce website after my web hosting company upgraded the servers to Litespeed ones. After a bunch of troubleshooting I had to reach out to my web host for assistance. That’s when I discovered they used ModSecurity and that was the reason behind my problems.

What Is ModSecurity?

You can read the full details here as this is the line my web hosting company provided me. Basically ModSecurity is:

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

How Did My Website Run Afoul Of ModSecurity?

My issues started last week when I tried to create and/or update pages or posts. Each time I got the same error: Error Updating failed. Error message: The response is not a valid JSON response. Then I checked my error deeper using the Dev Tools in my browser using the Network tab. I saw a particular path get the 403 response meaning it was forbidden.

When I supplied this information to my web hosting company it didn’t take them long to figure out what caused the forbidden response. Somehow my website triggered a rule in ModSecurity and they had to whitelist the path. That fixed my issue!

Is There Anyway I Can Prevent This In The Future?

Nope. I can’t access that firewall as only the company can. So If I have problems like this in the future then I have to contact their support and provide all the information so they can whitelist the path.

Thanks for reading this post and visiting Brittbot. Keep coming back to read my thoughts about WordPress, building your brand, website services, and programming topics.

0 0 votes
Article Rating
Share My Post!
Notify of
Inline Feedbacks
View all comments