Slow uploads in Wordpress caused by something in 24_Init_AppsInitialization.conf

I’m using the Comodo WAF rules as a vendor for CSF in WHM/Cpanel. I was having trouble getting large Wordpress uploads to go through successfully. A 100mb file would take 15 minutes to upload, but if I disabled the Comodo modsec rules, it would be done in less than a minute.

I narrowed it down to something in the 24_Init_AppsInitialization.conf file. I tried simply disabling the three rules in that file, but that didn’t work. Only when I disabled the entire file rule set did the uploads go back to being fast.

So, two part question: (1) Can this be fixed? and (2) What issues will I run into having this ruleset disabled? Will it affect all the other app-specific rules below it?

Hi Trevor

Thank you for reporting.
24_Init_AppsInitialization.conf is file containing required initialisation for web application (Wordpress, Joomla etc) check
So disabling this file you make web app rules ineffective.
I will ask rule writers to check this issue. We will check if it possible to fix such behavior.

Regards, Oleg

You can try to disable request body inspection but several CWAF rules will not work in this case.
To disable request body inspection you should add following line

SecStreamInBodyInspection Off
at the end of file [b]/usr/local/apache/conf/modsec2.cpanel.conf[/b]

Doing this you are redefining default CWAF configuration.

What’s strange though, is if I have only 24_Init_AppsInitialization.conf enabled, and disable all the app-specific rules below it, the upload is still very slow.

So it’s not a specific app rule, but something else. Maybe it is the request body inspection?

Nope, this didn’t solve it. I changed this setting and re-enabled #24 ruleset, and the same problem with slow uploads was present.

I’ll check this issue a bit deeper.