client blocked, but rule is disabled

I have a client that keeps getting blocked, this is whats happening:

csf.deny: # lfd: (mod_security) mod_security (id:211540) triggered by Kingdom/ 5 in the last 3600 secs - Wed Oct 14 15:46:25 2015

and so I disabled the rule (211540) COMODO WAF: Blind SQL Injection Attack

however they still keep getting blocked by this same rule, even though its disabled on their domain.

whats going on?

I have litespeed 5.0.7 Enterprise
CWAF plugin version 2.13
Current rules version 1.45 (Latest version)

[attachment deleted by admin]

an addition, users get this when in the wordpress admin area

Please check again as I feel there may be multiple rule blocking it. Disable one rule will make other rule to trigger and that can block it. So its good to check log again.


well i disabled that rule but they are still getting blocked by that same rule? it does not say any other rules when i search for their ip… it says that rule blocked them even though its disabled?


Did you disabled it for domain? Please try to disable globally this can be issue.

Regards, Oleg


yes i disabled for the domain… ill try disabling globally.

so should i always disable globally and not at domain level?

Disabling rule for domain depend on regular expression.
If requests to your server not match this expression request will not be blocked.

So if it will block for rule disabled globally we will know this is regex issue.

Regards, Oleg