With the latest WordPress update, when a user tries to log in to /wp-admin, rule 214560 blocks the user.
This is happening in ALL WORDPRESS SITES that have the latest version.
I can confirm that this is affecting several hundred sites for me.
We are experiencing this too and receiving a lot of complaints from users getting blocked. I’ve disabled the rule across all of our servers.
Thank you, we will check this issue and report soon.
The 2 rules that are to blame are #214620 and #214940; if you whitelist these for now, the admin login works fine again.
The rule 214560 has been removed in rules v.1.60
Hi, I have a problem with the Comodo WAF rules 214620 and 214940 set on my new managed cloud hosting for all domains with WP installed. Why does this happen after 8 years? My provider uses the 2.9 free Comodo WAF rules. Now I need to bypass these rules, but is it safe? Do I have to ask my cloud provider to update the Comodo rules release?
Hi nonchiedercilaparola,
Thank you for reporting.
Could you please tell us exactly what you did and what happened?
Any screenshot would be helpful.
Thanks
C.O.M.O.D.O RT
I think that Comodo WAF free rules version 2.9 (used by my hosting provider for my managed cloud Linux) could have some problems with some functions (e.g. call_user_function) used by WordPress, due to rules 214620 and 214940.
I get several Apache errors; all are of these two types:
[client 82.57.3.189] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:\\b(?:call_user_func|f(?:get(?:c|s{0,1}s)|open|read|scanf|tp_(?:nb_){0,1}f{0,1}(?:ge|pu)t|write)|gz(?:compress|open|read|(?:encod|writ)e)|move_uploaded_file|read(?:dir|(?:gz){0,1}file)|s(?:candir|ession_start)|(?:bz|proc_)open)|\\$_(?:session|(?:ge| …" at RESPONSE_BODY. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/16_Outgoing_FilterPHP.conf"] [line "17"] [id "214620 "] [rev "1"] [msg "COMODO WAF: PHP source code leakage||farmaciaosimostazione.it|F|3"] [data "Matched Data: call_user_func found within RESPONSE_BODY: \x0a<html class=\x22wp-toolbar\x22\x0a\x09lang=\x22it-IT\x22>\x0a\x0a\x0a\x09Bacheca ‹ Farmacia Osimo Stazione — WordPress\x0a\x0aaddLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(function(){func();});else if(typeof wpOnload!=='function'){wpOnload=fu [hostname "farmaciaosimostazione.it"] [uri "/wp-admin/index.php"] [unique_id "Zo-3ZDhca3QbQ8EoMbDSUgAAAMk"], referer: https://xxxxxx.it/wp-login.php?loggedout=true&wp_lang=it_IT
[client 82.57.3.189] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|farmaciaosimostazione.it|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "farmaciaosimostazione.it"] [uri "/error_docs/forbidden.html"] [unique_id "Zo@hSHXRPIC1aNXjQYp7EgAAAFY"]
The final result is that the IP is banned.
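
An added example, not written by any poster in this thread and not Comodo's code: a small Python triage script for error-log entries of the shape quoted above. For each rule ID it reports whether the rule denied the request or only warned, in which phase, on which URIs and for which clients, which is what an admin needs to see before deciding how narrowly to whitelist a rule. The sample lines are constructed (documentation IPs and hostname, shortened patterns and messages), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample entries in the shape of the Apache/ModSecurity lines quoted
# above (documentation IPs and hostname, shortened patterns and messages).
SAMPLE_LOG = r'''
[client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:\\b(?:call_user_func|...)" at RESPONSE_BODY. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/16_Outgoing_FilterPHP.conf"] [line "17"] [id "214620 "] [rev "1"] [msg "COMODO WAF: PHP source code leakage"] [data "Matched Data: call_user_func found within RESPONSE_BODY"] [hostname "example.com"] [uri "/wp-admin/index.php"] [unique_id "constructed-1"]
[client 203.0.113.7] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4"] [severity "CRITICAL"] [hostname "example.com"] [uri "/error_docs/forbidden.html"] [unique_id "constructed-2"]
[client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:\\b(?:call_user_func|...)" at RESPONSE_BODY. [id "214620"] [msg "COMODO WAF: PHP source code leakage"] [hostname "example.com"] [uri "/wp-admin/index.php"] [unique_id "constructed-3"]
[Mon Jan 01 00:00:00 2024] [core:notice] unrelated Apache line without ModSecurity data
'''

HEAD = re.compile(r'ModSecurity: (?P<action>Access denied with code (?P<code>\d+) \(phase (?P<phase>\d)\)|Warning)\.')
# Metadata comes as [key "value"] pairs; a key such as "tag" can repeat.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client ([^\]\s]+)')

def parse_line(line):
    """Return a dict for one ModSecurity entry, or None for unrelated lines."""
    head = HEAD.search(line)
    if not head:
        return None
    entry = {"denied": head.group("code") is not None,
             "status": head.group("code"), "phase": head.group("phase")}
    client = CLIENT.search(line)
    entry["client"] = client.group(1) if client else None
    for key, value in FIELD.findall(line[head.end():]):
        entry.setdefault(key, value.strip())   # tolerate padded ids like "214620 "
    return entry

def summarize(log_text):
    """Group entries by rule id: deny/warn counts, phases, URIs, clients."""
    rules = defaultdict(lambda: {"denied": 0, "warned": 0, "phases": set(),
                                 "uris": set(), "clients": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "id" not in entry:
            continue
        rule = rules[entry["id"]]
        rule["denied" if entry["denied"] else "warned"] += 1
        if entry["phase"]:
            rule["phases"].add(entry["phase"])
        rule["uris"].add(entry.get("uri"))
        rule["clients"].add(entry["client"])
    return dict(rules)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, the output separates the rule that denied the /wp-admin/index.php response in phase 4 (214620) from the rule that only logged a warning about the outbound score on the error page (214940).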