Mod Security causes 412 server error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mod Security causes 412 server error

    DISREGARD ALL THE "**". I had to use them in order to jump the spam filters

    I'm putting up a site that is electr**onic ciga**rette related.

    But I just found out that performing certain searches using the term "electr**onic ciga**rette" on my site return a 412 error.

    Doing a search for "electr**onic cigar**ette" alone is no problem. It's only when I select a currency after conducting that search.

    So when I do a search for "electr**onic ciga**rette" the URL looks like this...

    example.com/?s=electr**onic+ciga**rette and that does not return a 412 error.

    But if after I conduct that search with that "electr**onic ciga**rette" keyword and THEN select a currency, the URL looks like this...

    example.com/?&s=electr**onic+ciga**rette&currency=[GBP] and returns the 412 server error. (It doesn't matter which currency is selected, that's just an example.)

    I figured out after an hour of testing that it is Mod Security causing this. When I turn Mod Sec off, the problem goes away. Apparently Mod Sec is configured to block some searches with the term "electr**onic ciga**rette", which is understandable since the industry has been plagued with spammers and the like in the past when electr**onic ciga**rettes were newer.

    But now this makes me wonder what other searches might possibly trigger this 412 error, and that's disheartening after all the days/hours I've put into this site!

    So, I'm assuming at this point that my only option here is to turn off Mod Security? Is this correct?

    - If I'm wrong, then what are my other options?

    - If I'm right, then what are the major downfalls of having Mod Sec turned off? How big of a deal is it to turn Mod Security off? There seems to be a lot of conflict on the internet as to whether Mod Sec is worth running on your site or not.

    Also, so you know, setting Mod Sec to "detect mode" is no different, I still get the 412 error, so that's not a solution.
    Last edited by vrepub; 09-02-2017, 10:07 PM.

  • #2
    Hello,

    It is always better to have ModSecurity enabled for your website because it offers an additional layer of security for your script.

    However, there are cases, like yours, when you should disable it in order for the script to be operational.

    Based on your reply, I am assuming that the domain is hosted in a Hepsia based hosting account, so in this case you have one even better option.
    You can keep ModSecurity active for the domain in question and disable only the triggered rule. You can find the ID of the triggered rule in the ModSecurity logs available in the ModSecurity section of the Hepsia control panel.

    Then you can disable that particular rule only using the following code in the script's .htaccess file:

    <IfModule security2_module>
    SecRuleRemoveById 330036
    </IfModule>


    where "330036" is the ID that you will obtain from the ModSecurity log.

    If you have any further questions or you can't do that yourself, feel free to open a support ticket from your hosting control panel and our support will assist you further.

    Best Regards,
    Cvetan Ivanov
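
An added example, not part of the original posts or the host's tooling: one way to pull the blocking rule ID out of ModSecurity log lines and produce the `.htaccess` exclusion described above. The log layout is assumed to be the usual ModSecurity 2.x Apache error-log format; the sample lines, the function names and rule 999001 are constructed, and 300066 is the ID reported later in this thread.

```python
import re
from collections import Counter

# Constructed sample lines (assumed standard ModSecurity 2.x error-log layout;
# a control panel may present the same fields differently).
_DENY = ('[Sat Sep 02 21:4{n}:11 2017] [error] [client 203.0.113.7] ModSecurity: Access denied '
         'with code 412 (phase 2). Pattern match "(constructed)" at ARGS:s. [file "/constructed/'
         'spam.conf"] [line "10"] [id "300066"] [msg "constructed"] [hostname "example.com"] [uri "/"]')
_WARN = ('[Sat Sep 02 21:45:02 2017] [error] [client 203.0.113.7] ModSecurity: Warning. Pattern '
         'match "(constructed)" at REQUEST_HEADERS:User-Agent. [id "999001"] [uri "/contact"]')
SAMPLE_LOG = "\n".join([_DENY.format(n=0), _WARN, _DENY.format(n=2)])

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')       # [key "value"] pairs
DENIED = re.compile(r'ModSecurity: Access denied with code (\d+)')
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.]+)?)\.')        # e.g. ARGS:s

def blocked_hits(log_text):
    """Return one dict per request that ModSecurity actually blocked."""
    hits = []
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue                       # warnings did not block the request
        fields = dict(FIELD.findall(line))
        if "id" not in fields:
            continue
        target = TARGET.search(line)
        hits.append({"status": int(denied.group(1)), "id": fields["id"],
                     "uri": fields.get("uri", ""),
                     "target": target.group(1) if target else ""})
    return hits

def summarize(hits):
    """Count blocks per (rule id, matched request variable)."""
    return Counter((h["id"], h["target"]) for h in hits)

def htaccess_exclusion(rule_ids):
    """Build the .htaccess snippet that removes only the listed rules."""
    ids = set(rule_ids)
    if not all(i.isdigit() for i in ids):
        raise ValueError("rule IDs must be numeric")
    body = [f"SecRuleRemoveById {i}" for i in sorted(ids, key=int)]
    return "\n".join(["<IfModule security2_module>", *body, "</IfModule>"])

if __name__ == "__main__":
    hits = blocked_hits(SAMPLE_LOG)
    print(summarize(hits))
    print(htaccess_exclusion(h["id"] for h in hits))
```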



    • #3
      Thank you for your response. I have only one question for you.

      The ID # in Mod Sec in my logs for those times I searched for "elec**tronic ciga**rette" and got the 412 error is 300066.

      Is that ID a specific anti-spam ID for the keyword "elec**tronic ciga**rette" or is that ID a general ID for all anti-spam "attacks"?

      I have no way of testing that htaccess rule since I have not come across any other keywords that trigger the 412 error.

      Thanks



      • #4
        Hello,

        Rule #300066 is an anti-spam rule not only for "elec**tronic ciga**rette" but this is the optimal way to resolve your problem.

        Best Regards,
        Cvetan Ivanov



        • #5
          Good, that's what I want to hear seeing how visitors to my site will rely heavily on the search function and given the subject matter of the site.

          I didn't want to have an htaccess rule for every single spam keyword I come across.

          Thanks for your help.



          • #6
            Originally posted by c.ivanov
            Hello,

            Rule #300066 is an anti-spam rule not only for "elec**tronic ciga**rette" but this is the optimal way to resolve your problem.

            Best Regards,
            Cvetan Ivanov
            Is there a list of words/phrases that trigger this rule? Would be useful since I recall having a client who has a travel blog that complained to me about how she couldn't post about Las Vegas. Turns out "cas**ino" was triggering it so I just turned off the ModSec altogether.



            • #7
              Hello,

              No, I can't provide you with a list of the words which trigger the rule. You need to disable the rule or the whole ModSecurity protection.

              That is up to you.

              Regards,
              Cvetan Ivanov
