Title: Apache Mod_Security (WAF) problems. Last modified: March 23, 2025 --- # Apache Mod_Security (WAF) problems. * Resolved [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/) * Hi, * On my dedicated server, we have the Apache ModSecurity WAF enabled. * Often, when I need to save an ASE change, I must first disable ModSecurity, otherwise the changes won’t be saved. * We’ve disabled some WAF rules, but that behavior hasn’t changed. * A very common case is when I put ASE into “maintenance mode.” It will only work if I disable ModSecurity a few minutes beforehand. * Is there a way to fix this? * Thank you. - This topic was modified 1 year, 2 months ago by [BooMeranGz](https://wordpress.org/support/users/boomerangz/). Viewing 11 replies - 1 through 11 (of 11 total) * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18381177) * [@boomerangz](https://wordpress.org/support/users/boomerangz/) thanks for reporting this. It’s likely because ASE”s POST payload when saving changes is considerably large, and is sounding an alarm with ModSecurity. I’m considering moving out some modules’ settings out of the ASE settings page to remedy this. For example, the Admin Menu Organizer module settings can be moved out to a separate “Settings >> Admin Menu” page. * If you are aware of a specific ModSecurity that is checking for the size of a POST payload, and can disable that or make the limit larger (larger than 250KB), that might fix the issue for you. * Thread Starter [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18382280) * Hi [@qriouslad](https://wordpress.org/support/users/qriouslad/), thanks for your response. * I’ll bring this up with the sysadmin so they can see what rules might allow for a higher bit rate. I’ll come back to this thread if I hear any progress._(I just remembered that this same thing happened to me once when I tried to save work with Elementor)_ * Saludos. * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18382620) * [@boomerangz](https://wordpress.org/support/users/boomerangz/) thank you. I look forward to hear what you or your sysadmin finds. * Thread Starter [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18388590) * Hi [@qriouslad](https://wordpress.org/support/users/qriouslad/), * Sysadmin response: “I have increased the max request body limit in modsecurity, SecRequestBodyLimit.” * Also, he told me that you should consider modifying the plugin; it’s not a good idea to change certain modsecurity security settings. * Regards. * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18389029) * [@boomerangz](https://wordpress.org/support/users/boomerangz/) thanks for reporting back Very well noted. I’ve been considering moving out one or more module settings into a separate admin page to reduce the size of the POST payload of the ASE settings page. One good candidate for that is the Admin Menu Organizer module. * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18389031) * p.s. I’ve added this to the list of known issues: [https://www.wpase.com/documentation/known-issues/](https://www.wpase.com/documentation/known-issues/) * Thread Starter [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18389575) * Thanks for taking note, we will wait for news… Regards. * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18400963) * [@boomerangz](https://wordpress.org/support/users/boomerangz/) in the next release, v7.8.5, the Admin Menu Organizer settings (the menu sortables section) will be moved out of the ASE settings page into a dedicated “Admin Menu” page/item under the Settings menu. This should significantly reduce the size of the POST payload. * Feel free to ask your sysadmin to dial back the value of SecRequestBodyLimit in ModSecurity to see if you’re able to save ASE settings just fine in v7.8.5. * Thread Starter [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 2 months ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18401363) * Hi [@qriouslad](https://wordpress.org/support/users/qriouslad/), * Thanks for letting me know. Immediately after installing the 7.8.5 update, I’ll tell the sysadmin so they can return the ModSecurity settings to their defaults. Once all this is done, I’ll run the tests and come back here to let you know the results. * Best regards. * Thread Starter [BooMeranGz](https://wordpress.org/support/users/boomerangz/) * (@boomerangz) * [1 year, 1 month ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18414822) * Hi [@qriouslad](https://wordpress.org/support/users/qriouslad/) * I’m back to let you know that mod_security has been reset to its default (lower) values ​​in Apache. I ran several tests to save ASE settings, and they all worked! You can close this thread. * Thank you very much for your help and work. * Plugin Author [Bowo](https://wordpress.org/support/users/qriouslad/) * (@qriouslad) * [1 year, 1 month ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18415021) * [@boomerangz](https://wordpress.org/support/users/boomerangz/) thanks for reporting back! Glad to hear problem has been fixed. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Apache Mod_Security (WAF) problems.’ is closed to new replies. * ![](https://ps.w.org/admin-site-enhancements/assets/icon-256x256.png?rev=3099794) * [Admin and Site Enhancements (ASE)](https://wordpress.org/plugins/admin-site-enhancements/) * [Frequently Asked Questions](https://wordpress.org/plugins/admin-site-enhancements/#faq) * [Support Threads](https://wordpress.org/support/plugin/admin-site-enhancements/) * [Active Topics](https://wordpress.org/support/plugin/admin-site-enhancements/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/admin-site-enhancements/unresolved/) * [Reviews](https://wordpress.org/support/plugin/admin-site-enhancements/reviews/) * 11 replies * 2 participants * Last reply from: [Bowo](https://wordpress.org/support/users/qriouslad/) * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/apache-mod_security-waf-problems/#post-18415021) * Status: resolved