We are integrating our payment provider “Mollie in Netherlands” and with the payment procedure, the provider send back a statusupdates and also a so called webhook.
The problem happening now is that their system generate errors in the logs on the my account from Mollue, probably because CWAF blocks them.
The log is full of the same errors which I attach one here:
How can we fix this problem in a way that CWAF let these status updates from “Mollie” trough without blocking them.
Please check modsecurity audit log for possible false positive rule and disable it.
Also you can try to turn off CWAF temporary to check who causing this problem.
How to disable rule by ID:
In plugin open ‘Catalog’ tab.
Type rule ID in ‘Filter by [Item ID]’ field, press ‘Search by Rule ID’ button
Turn off found rule.
Press ‘Implement’ button to apply changes
How to temporary turn off CWAF:
In plugin open ‘Security Engine’ tab.
Select ‘Off’ value in ‘Security Engine’ dropdown
Press ‘Update config’ to apply changes
If you don’t have CWAF plugin installed please change ‘SecRuleEngine’ directive in config file. Set in to ‘SecRuleEngine Off’, save file and restart web server.
Thanks for your fast reply!
I have searched the whole server but there is no modsecurity audit log. Do you have an idea where to find it? In the server under logs there is nothing from modsecurity.
I will test with CWAF off but another way is maybe to allow all traffic coming from mollie. How can i do that in CWAF?
Oleg, when you see that error, can it come from something else also? I have also CSF installed.
As I remembered from last session your web server is Apache with Webmin/Wirtualmin
I have checked similar setup and found in file /etc/httpd/conf.d/zzzz_cwaf_security2.conf following record
Thanks for your very good tips. Finally, I have found the log:) In Webmin is a new filemanager and you can there search for a specific file. So that was easy.
Thank you very much for your fantastic help and it is amazing how much you know about these extremely complicated things!
Everything works perfect now. No blocking anymore