ModSecurity and OWASP settings

wikenigma

Hello All . . .
This might be of help to anyone running DW on a system where ModSecurity and OWASP rules are built-in part of the anti-h4cking measures on a server setup.
On the setup I've been using, a large number of '403' (forbidden) were being generated by the server when certain words and phrases were used in a DW page (on page save). Some of the words are in very common usage - such as "having" and "nerve".
The 403 errors meant that DW was unable to save the page, and jumped instead to the default 'This page does not exist' page.
After a series of tests, my server provider has found that the following OWASP rules were being triggered by DW.
933160
941120
942190
942230
942360
They have now been disabled on the server (for DW only) and all is now working fine.
If anyone has been having similar problems, give it a try.

wikenigma

My server provider has found another rule that was preventing Dokuwiki edits
933210
Could I ask if anyone else has had problems with ModSecurity and OWASP preventing DW from operating correctly? As I understand it, the systems are pretty much standard installations for hosting providers.

michaelsy

wikenigma Could I ask if anyone else has had problems with ModSecurity and OWASP preventing DW from operating correctly?

I don't know what it is, but I don't have a problem with it with 1&1/IONOS (one of the big players here in Germany).

wikenigma As I understand it, the systems are pretty much standard installations for hosting providers.

This is not the first time that there have been problems with individual hosting providers that do not seem to occur with many other providers.

Which provider are you with?

Thanks for sharing your experience!

- Michael Sy.

Global DokuWiki Links