False positive id 217280 in WordPress admin

andypatnz · September 24, 2018, 9:35pm

I get a 403 error when attempting to update the definition of a contact form in WordPress.
The error seems to be related to the inclusion of the word ‘head’ at the start of a line of text of the form.
For example, the text “head and shoulders photo” results in an error whereas “shoulders and head photo” does not.

I have attached an image of the error log

My hosting provider is unhelpful and claims it is a fault in WordPress and the solution is to avoid any text which might result in an error.

What I am really seeking is an explanation of what this particular rule is protecting against, why it should be triggered in this particular case and whether there is a straightforward way of bypassing the problem.

Regards

Andy

Serhyo · October 3, 2018, 9:08am

Hi andypatnz.

Please provide full modsecurity audit log for this event.

andypatnz · October 16, 2018, 12:34am

Hi SergeIP

I went back to my hosting provider who says that the only log he is aware of is the one which I have attached.
Is there anything I can tell him that will enable him to locate the audit log to which you are referring.

Regards
Andy

Serhyo · October 18, 2018, 3:09pm

Hello Andy.
You should report about False Positives here:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html
When you report abou FP you should provide information described:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html;msg869520#msg869520

Please share information about webserver (name, version), WordPress, WP plugin and rules version.

Regards.