ModSecurity Firewall: How It Caused Problems For Me

I recently had some issues on my ecommerce website after my web hosting company upgraded their servers to LiteSpeed Web Servers. After a bunch of troubleshooting I had to reach out to my web host for assistance. That’s when I discovered they used ModSecurity firewall and that was the reason for my problems.

What Is ModSecurity Firewall?

You can read the full details here as this is the details my web hosting company provided me. Basically ModSecurity is:

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

https://github.com/SpiderLabs/ModSecurity

How Did My Website Run Afoul Of The ModSecurity Firewall?

My issues started after my web hosting company installed LiteSpeed Web Server on their servers. When I tried to create and/or update pages or posts I got the this error: Error Updating failed. Error message: The response is not a valid JSON response. I had no idea what that meant so I turned to Google and found other websites discussing the error. Unfortunately, the solutions in those sites didn’t resolve my issue.

At one point I though my Wordfence Firewall was to blame. I opened a support ticket with them and the company had me test some things. After working with me for a few days Wordfence’s support found their firewall wasn’t to blame for my error.

I did some more research and used the Developer Tools in my browser to get more information about my error. Using the Network tab I saw a particular path get the 403 HTTP response meaning accessing the path was forbidden.

I finally contacted my web hosting company and supplied this information to them. It didn’t take them long to figure out what caused the forbidden response. Somehow my website triggered a rule in the ModSecurity firewall and they had to whitelist the path. That fixed my issue!

Should You Disable This Firewall?

No! You shouldn’t disabled the ModSecurity firewall. I get this question quite a bit since I work at a web hosting company. The customers submit a ticket about their problems with the firewall and they want to turn it off so it stops blocking their websites. I understand this software can take up time because you have to contact technical support for assistance. Yet, the ModSecurity firewall offers great protection. Although it can’t block all attacks, it does block a good number of them. I’ve read through various logs and seen how the firewall blocks attacks all day, everyday.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x