Mod_Security blocking IP upon editing post – .htaccess fix

Recently while editing my WordPress posts I found that previewing them would return me this error:

mod_security_block

I ignored this for temporary issue couple of times until I was no longer able to access my website from my PC. I immediately tried FTP and that was disabled as well. Then I tried accessing the blog through my cell phone and found that my website was not down, but for some reason, I’m unable to access my website through my PC.

It was IP block indeed. Upon contacting the hosting provider they did confirm that the issue was with mod_security blocking my IP. This is what they asked me to do to prevent this issue:

  • Users who violate mod-security rules unknowingly or exceed the limit of allowed connections requests occasionally may be blocked by the firewall.
  • Many of these IP blocks in shared servers are also caused by incorrect logins, users saving old passwords in their applications.
  • The web owner’s mail client has a very low “mail check interval”, causing multiple connections attempts to the mail server, especially if many users are accessing email through a common connection.
  • The web owner using an old or wrong password in mail, web, FTP or cPanel services interface multiple times, leading the firewall to think it is a brute force attack.
  • The web owner has an FTP client set with a very high number of simultaneous connections, causing the firewall to treat the connection attempts as a denial of service attack.
  • A website or application update or a page access request gets interpreted as a hack attempt by the web application firewall such as mod_security

As much as I appreciate their support regarding the issue, this didn’t help me much since I’ve not violated any of the stated rules. I then tried investigating and found that auto save intervals and post revisions could trigger this error. So, like it said in the tutorial, I updated my WordPress configuration file (wp-config.php) to have the following rules:

define( 'AUTOSAVE_INTERVAL', 60*60*60*24*365 ); // autosave 1x per year
define( 'EMPTY_TRASH_DAYS',  0 ); // 0 days
define( 'WP_POST_REVISIONS', false ); // no revisions

Sadly, that didn’t fix the issue either. After contacting my hosting provider back and forth (they’re really patient), I found the mod_security rules that did block my IP upon post edit. Finally, I disabled those rules in my htaccess file and could get to fix the issue. This is the code I’ve added:

<IfModule security2_module>
    SecRuleRemoveById 000000
	SecRuleRemoveById 000000
</IfModule>

Replace 000000 with the mod_security rule id provided from your host in order to get this fixed. I haven’t had issues with this ever since. I’ll keep this post updated if I run into further errors.

So this didn’t fix the issue as well. Upon contacting hosting, they’ve provided me with yet another code to get this issue fixed:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecFilterSelective REMOTE_ADDR "MY_IP_HERE" "nolog,noauditlog,pass"
</IfModule>

For now, I’m not blocked. This post will be updated if I have further issues.

/ / /

Report (Please include link to post while reporting)

Leave a Reply

Your email address will not be published. Required fields are marked *