Articles in this section

WordPress site with WooCommerce is down in Plesk: 403 Forbidden

Renan Poss Moreira
Updated
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux
  • Plesk for Windows 

Symptoms

  • A WordPress website is not accessible, and shows incorrect content, or one of these errors:

    Forbidden
    You don't have permission to access this resource.
    Apache Server at example.com Port 443

    404 Not found

  • The WooCommerce plugin is enabled on the instance, and updated to version 8.5 or later.

  • Comodo ruleset is enabled in Tools & Settings > Web Application Firewall (ModSecurity)

  • The lines below can be found in Domains > example.com > Logs:

    ModSecurity: Warning. Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at REQUEST_COOKIES:sbjs_first. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||example.com|F|2"] [data "Matched Data: |||id=(none) found within REQUEST_COOKIES:sbjs_first: typ=organic|||src=google|||mdm=organic|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "example.com"]

Cause

WooCommerce +8.5 triggers the web application firewall rule 218500 from the Comodo ruleset, blocking access.

Resolution

WooCommerce is working to fix this. In the meantime, the rule can be disabled to work around the problem.

  1. Log in to Plesk
  2. Disable rule 218500 on the affected domains as instructed in this guide: How to disable specific Web Application Firewall rules in Plesk
  3. If the issue persists, unban client IP address in in Tools & Settings > Fail2ban
Was this article helpful?

Comments

6 comments
Date Votes
  • Avatar
    Marvin Vitten

    Yes, I had this problem too, thx for sharing

    2
  • Avatar
    Ahmed Zeidan

    The solution works for me too. Thanks.

    1
  • Avatar
    Myhost.ie Support

    hello,

    Can the WAF be updated by CLI, logging into over 100 Plesk instances to bypass this rule is a non runner.

    Rgds

    D.

    0
  • Avatar
    tfrank7

    I also had to disable these rulesets to get rid of all the Apache errors.

    210831
    214940

    0
  • Avatar
    Marco de Lange

    Thank you, took me a few days trying to get rid of the crashes. The 218500 sorted the problem :-)

    1
  • Avatar
    Taylor Latch

    Thanks. 

    1

Please sign in to leave a comment.