Triggers ModSecurity Rule 214540
We have been having some really odd issues with getting blocked from multiple of our sites and I have narrowed it down to ModSecurity getting triggered because of the iFrame code that is in use.
This was the error we were getting in our Firewall logs when our IP address got blocked:
# lfd: (mod_security) mod_security (id:214540) triggered by xx.xx.xxx.xx: 5 in the last 3600 secs – Fri Jun 12 13:03:12 2020
Doing some research this came down to the fact that ModSecurity looks for invisible iFrames, width:0 and height:0, that are also display:none. They do have an exclusion though for Google Tag Manager iFrames but their exclusion is very specific and requires the iFrame’s src to start with:
https://www.googletagmanager.com/ns.html?id=GTM
So my solution is simply to modify wp-content/plugins/wk-google-analytics/lib/Loader.php and change line 75 so it includes the “https:” as part of the url. Thus line 75 becomes:
<iframe src="https://www.googletagmanager.com/ns.html?id=<?php echo $TAG_MANAGER_ID; ?>"
The iFrame tag also lines up with what Google Tag Manager gives you as well so making the change to add “https:” into the source code should not cause other problems.
I hope this can be added to a plugin update and that it helps someone else with phantom problems.
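Added example (not part of the original post, and not the plugin's or ModSecurity's own code): a Python check that approximates the rule as the post describes it, flagging iframes with zero width and height plus display:none whose src does not start with the exclusion prefix. The sample markup, the GTM-XXXX id and the function names are constructed, and the protocol-relative src in the first iframe is an assumption about what the unpatched line emitted.

```python
import re
from html.parser import HTMLParser

# Prefix the post says the rule's Google Tag Manager exclusion requires.
GTM_PREFIX = "https://www.googletagmanager.com/ns.html?id=GTM"

def _is_zero(value):
    """True for '0', '0px' and similar zero dimensions."""
    return bool(re.fullmatch(r"\s*0+(px)?\s*", value or "", re.I))

def _style_map(style):
    """Parse an inline style attribute into {property: value}."""
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenIframeFinder(HTMLParser):
    """Collects (line, src) for hidden iframes outside the GTM exclusion."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        css = _style_map(a.get("style"))
        zero_w = _is_zero(a.get("width")) or _is_zero(css.get("width"))
        zero_h = _is_zero(a.get("height")) or _is_zero(css.get("height"))
        hidden = zero_w and zero_h and css.get("display", "").startswith("none")
        if hidden and not a.get("src", "").startswith(GTM_PREFIX):
            self.findings.append((self.getpos()[0], a.get("src", "")))

def find_flagged_iframes(html):
    """Return [(line, src)] for iframes this approximation would flag."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup; GTM-XXXX is a placeholder container id.
SAMPLE = """<body>
<iframe src="//www.googletagmanager.com/ns.html?id=GTM-XXXX" height="0" width="0" style="display:none;visibility:hidden"></iframe>
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-XXXX" height="0" width="0" style="display:none;visibility:hidden"></iframe>
<iframe src="https://example.com/player" width="560" height="315"></iframe>
</body>"""

if __name__ == "__main__":
    for line, src in find_flagged_iframes(SAMPLE):
        print(f"line {line}: hidden iframe outside GTM exclusion: {src}")
```

Running it against saved page source shows which hidden iframes fall outside the exclusion before visitors start accumulating hits toward a firewall block.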