Disable mod_security rule in Plesk to avoid White Screen Of Death (WSOD)

  • Resolved Peter Luit

    (@peterluit)


    6 years ago

    Well, I figured out that I could disable one rule in the mod_security in Plesk. With the firewall switched on, using Gutenberg results in the following error (xxx for IP address)

    [client xxx.xxx.xxx.xxx] ModSecurity: [file “/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf”] [line “253”] [id “33340149”] [rev “152”] [msg “Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potential Cross Site Scripting Attack”] [data “ecmascript”] [severity “CRITICAL”] Access denied with code 403 (phase 2). Pattern match “(?:< ?i?frame ?src ?= ?(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:\\\\.add|\\\\@)import |asfunction\\\\:|background-image\\\\:|e(?:cma|xec)script|\\\\.fromcharcode|get(?:parentfolder|specialfolder)|\\\\.innerhtml|\\\\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s| …” at REQUEST_URI. [hostname “xxxxxxxxxxxxxx.nl”] [uri “/wp-content/plugins/gutenberg/vendor/wp-polyfill-ecmascript.min.2ae96136.js”] [unique_id “W@fh8633y1IjgVrBtBt65wAAAAE”], referer: https://websitesvanoranje.nl/wp-admin/post.php?post=4901&action=edit

    The ID of the rule is 33340149. If you set that as the ID to be ignored, then Gutenberg will work fine.

    Just wanted to let you know. It seems that ‘they’ are working on a final solutions to avoid individual rule settings per site. But for now this is ok as a workaround.

Viewing 1 replies (of 1 total)
  • Thread Starter Peter Luit

    (@peterluit)

    Solved now with Gutenberg latest version 4.3.0. They changed the filename of the JavaScript involved. Thanks……

Viewing 1 replies (of 1 total)
  • The topic ‘Disable mod_security rule in Plesk to avoid White Screen Of Death (WSOD)’ is closed to new replies.