Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
A WordPress website is not accessible, and shows incorrect content, or one of these errors:
Forbidden
You don't have permission to access this resource.
Apache Server at example.com Port 443404 Not found
-
The WooCommerce plugin is enabled on the instance, and updated to version 8.5 or later.
-
Comodo ruleset is enabled in Tools & Settings > Web Application Firewall (ModSecurity)
-
The lines below can be found in Domains > example.com > Logs:
ModSecurity: Warning. Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at REQUEST_COOKIES:sbjs_first. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||example.com|F|2"] [data "Matched Data: |||id=(none) found within REQUEST_COOKIES:sbjs_first: typ=organic|||src=google|||mdm=organic|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "example.com"]
Cause
WooCommerce +8.5 triggers the web application firewall rule 218500
from the Comodo ruleset, blocking access.
Resolution
WooCommerce is working to fix this. In the meantime, the rule can be disabled to work around the problem.
- Log in to Plesk
- Disable rule
218500
on the affected domains as instructed in this guide: How to disable specific Web Application Firewall rules in Plesk
Comments
6 comments
Yes, I had this problem too, thx for sharing
The solution works for me too. Thanks.
hello,
Can the WAF be updated by CLI, logging into over 100 Plesk instances to bypass this rule is a non runner.
Rgds
D.
I also had to disable these rulesets to get rid of all the Apache errors.
210831
214940
Thank you, took me a few days trying to get rid of the crashes. The
218500
sorted the problem :-)Thanks.
Please sign in to leave a comment.