not working with CWAF – included a security hole?
-
It was working before, but not with the latest update, version 2.3.0. Classic Editor is working fine.
[Thu Mar 08 07:05:24.962982 2018] [:error] [pid 26262:tid 140109785478912] [client my-ip-address:10147] [client my-ip-address] ModSecurity: Access denied with code 403 (phase 2). Match of "ge 1" against "&REQUEST_COOKIES_NAMES:/^wordpress_([0-9a-fA-f]{32})$/" required. [file "/usr/local/cwaf/rules/28_Apps_WordPress.conf"] [line "127"] [id "225170"] [rev "1"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||my-domain-name|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "my-domain-name"] [uri "/wp-json/wp/v2/users"] [unique_id "WqDSpFczAjtKrcDim5CqlAAAAGA"], referer: https://my-domain-name/wp-admin/post-new.php?post_type=page [Thu Mar 08 07:05:30.496640 2018] [allowmethods:error] [pid 26262:tid 140109584054016] [client my-ip-address:10097] AH01623: client method denied by server configuration: 'PUT' to /home/username/domains/my-domain-name/public_html/wp-json, referer: https://my-domain-name/wp-admin/post-new.php?post_type=page [Thu Mar 08 07:05:37.768064 2018] [allowmethods:error] [pid 26262:tid 140109978511104] [client my-ip-address:10096] AH01623: client method denied by server configuration: 'PUT' to /home/username/domains/my-domain-name/public_html/wp-json, referer: https://my-domain-name/wp-admin/post-new.php?post_type=page
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘not working with CWAF – included a security hole?’ is closed to new replies.
