OWASP3 Blocks settings page
Cannot access the settings page when ModSecurity is enabled using the OWASP rule set. I had no problem on the previous server that has an older OWASP rule set installed.
OWASP ModSecurity Core Rule Set V3.0
https://go.cpanel.net/modsecurityowasp
wp-admin/options-general.php?page=mainwp_child_tab
#
# -=[ PHP source code leakage ]=-
#
# Detect some common PHP keywords in output.
#
SecRule RESPONSE_BODY "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\$_(?:(?:pos|ge)t|session))\b" "phase:response, rev:'2', ver:'OWASP_CRS/3.0.0', maturity:'9', accuracy:'9', t:none, capture, ctl:auditLogParts=+E, block, msg:'PHP source code leakage', logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', id:953110, tag:'application-multi', tag:'language-php', tag:'platform-multi', tag:'attack-disclosure', tag:'OWASP_CRS/LEAKAGE/SOURCE_CODE_PHP', tag:'WASCTC/WASC-13', tag:'OWASP_TOP_10/A6', tag:'PCI/6.5.6', severity:'ERROR', setvar:'tx.msg=%{rule.msg}', setvar:tx.outbound_anomaly_score=+%{tx.error_anomaly_score}, setvar:tx.anomaly_score=+%{tx.error_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/SOURCE_CODE-%{matched_var_name}=%{tx.0}"

Message in error_logs
Matched Data: fopen found within RESPONSE_BODY

It's possible there are other rules that are getting applied as well. Not sure if this was working on previous versions of the plugin.
Happen to know a custom rule that will fix this issue?
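
One way to scope an exception for the false positive reported above, as an added example that is not part of the original post or of the CRS project's own files. It assumes the request path and `page` parameter shown in the URL above; the local rule id 1000 is a constructed placeholder.

```apache
# Added example. Assumptions: id 1000 is a placeholder for a free local
# rule id; the path and page value are taken from the URL in the post.
#
# Runtime exclusions must be loaded BEFORE the CRS rule files, for example
# in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.

# Scoped exclusion: turn off 953110 (PHP source code leakage) only for
# responses to this one admin page. Every other URL keeps the check.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/options-general.php" \
    "id:1000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule ARGS_GET:page "@streq mainwp_child_tab" \
        "t:none,\
        ctl:ruleRemoveById=953110"

# Blunt alternative, shown commented out for contrast: removes the rule
# for the whole site, so real PHP source leakage on any other page would
# no longer be detected. If used, it must be loaded AFTER the CRS rule
# files, because it acts at configuration time on rules already defined.
# SecRuleRemoveById 953110
```

The `ctl` action sits in the last rule of the chain so that it only runs when both the path and the `page` parameter match.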