Big Problems with Phantom Rule 225130


Users on multiple servers can no longer create or update posts in WordPress. (That’s a big problem because WP is all we host.)

If a user tries to save a post with a link in it, the post doesn’t save and the user sees a 404 error.

The ModSecurity logs show that this action triggers rule 225130. Details about that rule:

404 225130: COMODO WAF: XSS vulnerability in the WordPress before 4.3.1 (CVE-2015-5714)|||F||F|2

So this doesn’t make sense because all of these sites are on the current version of WordPress, many versions beyond 4.3.1. So, from the description, this rule shouldn’t even be taking effect.

But the bigger problem is that I can’t disable the rule! When I search for it in the catalog, I get a “not found” error. Yet that rule is actively working and causing problems.

How can we resolve this?



And of course, now I am able to find and disable the rule.

However, I’m wondering… when this rule is active, why does it still affect sites much later than 4.x?



EDIT: As soon as I posted this, it appears that a new update was released: rules 1.97. I’m still trying to see if it fixes the problem.

This is a major problem. I also found this since yesterday!

If the post has an image or link, the rule is activated. It doesn’t matter whether the latest version of WordPress is used or not; the rule is always active.
I also cannot disable it through the Comodo WAF plugin in cPanel. The only solution was to disable ALL the WordPress rules (which is not recommended).

Any fix in place?


I was just trying to track down that rule myself.

Can you track down and find the corresponding file/rule? There should be a rules.dat file containing the version of the rule.