Customizer preview hits standard Comodo mod_security rules

  • Resolved Ross Wintle

    (@magicroundabout)


    11 years, 10 months ago

    I started off discussing this in this thread. But now I have an idea of what’s going on I thought I’d post it separately.

    The issue is that the preview doesn’t load in the customizer. You get the customizer panel on the left, but the right-hand-side is a white-screen-of-death. Inspector shows that this is because the request to load the preview is returning a 403 Forbidden status.

    It turns out that this is because my (shared) host is using the Comodo mod_security ruleset (presumably: https://waf.comodo.com/) and your POST data submitted when requesting the preview from the customizer is matching a rule which is blocking the preview.

    I want to report this for two reasons:

    1) You may want to identify the field that’s matching the rule and and change it’s name, or whatever, so that it doesn’t match the rule.
    2) You may have – or you may have in future – other people who run into this problem on their host, and need to tell them what’s up.

    My host says that false positives on the Comodo rules are “not uncommon” and it seems easy to remove the rules. But if this is happening to other people then you may want to do something about it.

    Thanks

    Ross

Viewing 3 replies - 1 through 3 (of 3 total)
  • Corey McKrill

    (@jupiterwise)

    11 years, 10 months ago

    Hey Ross!

    Thanks for digging into this and giving such a detailed report. It does seem likely that other shared hosting users could be affected by this. Could your host potentially tell you which rule in particular is getting triggered?

    Or if not, maybe we can narrow it down if you can give us a list of the Customizer options that you have changed from their defaults.

    Zack Tollman

    (@tollmanz)

    11 years, 10 months ago

    Hi Ross!

    As Corey indicated, thanks for this report!

    Is it possible for your host to provide us information about which rule it is triggering? This would make it easier to get to the bottom of this.

    Additionally, do you get this problem with any of the WordPress default themes?

    Thanks!

    mapplesheep

    (@mapplesheep)

    11 years, 9 months ago

    Hi,

    I don’t know if it’s a good idea to post this here(resolved), but I got this problem.

    Everything was working well untill a few days for me, then, “white-screen-of-the-death” in custom area. This is kind of annoying.
    I don’t understand well what you’re saying about security rules and host. I there any solution to get the problem fixed ?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Customizer preview hits standard Comodo mod_security rules’ is closed to new replies.