Sick of being a Beta Tester

Access denied with code 403 (phase 2). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/var/cpanel/cwaf/rules/cwaf_01.conf"] [line "444"] [id "210720"] [msg "COMODO WAF: HTTP protocol version is not allowed by policy"] [data "Confidential: The Rock Bottom Remainders&products_id=850 HTTP/1.0"] [severity "CRITICAL"]

It appears to have been triggered by the colon in a title of a book. Have these rules actually been tested in live situations? It doesn’t appear so.

Uninstalling on all servers, until you can get your act together. At least the default set from cPanel only need a couple of whitelisted rules. I am aware that they don’t protect sites anywhere to the same degree but what is the point if shops are losing sales?

Your application uses non standard HTTP protocol signature:

Confidential: The Rock Bottom Remainders&products_id=850 HTTP/1.0
Possibly there was error when client side formed HTTP request, so the part of URL was interpreted by server as protocol id.

There are a strict format for HTTP protocol identification HTTP/1.1: Protocol Parameters