• Hi,

    I recently activated ModSecurity on my server, and after that, the site was no longer accessible, with a 403 error.

    After investigating, I verified that the problem comes from the plugin, because if I disable ModSecurity the site comes back online, but if I leave ModSecurity active and disable the plugin, the site also comes online without any ModSecurity problems.

    Logs:

    [Tue Oct 07 11:21:12.586639 2025] [autoindex:error] [pid 92452:tid 140307857405696] [client 104.23.239.57:0] AH01276: Cannot serve directory /var/www/vhosts/site.com/public_html/wp-admin/css/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive, referer: binance.com
    [Tue Oct 07 12:57:55.181478 2025] [security2:error] [pid 1492817:tid 140117788317440] [client 172.69.134.33:0] ModSecurity: Access denied with code 403 (phase 4). Match of “rx \\ssrc=\\x22https:\\/\\/www\\.googletagmanager\\.com\\/ns\\.html\\?id=GTM|\\ssrc=\\x22https:\\/\\/w\\.soundcloud\\.com\\/player\\/\\?url=” against “TX:0” required. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf”] [line “14”] [id “214540”] [rev “5”] [msg “COMODO WAF: Possibly malicious iframe tag in output||site.com|F|3”] [data “Matched Data: <iframe src=\x5c\x5c\x5c\x22https:\x5c\x5c\x5c/\x5c\x5c\x5c/www.googletagmanager.com\x5c\x5c\x5c/ns.html?id=GTM-KX4B3KLB\x5c\x5c\x5c\x22\x5c\x5cn\x5c\x5ct\x5c\x5ct\x5c\x5ct\x5c\x5ct\x5c\x5ctheight=\x5c\x5c\x5c\x220\x5c\x5c\x5c\x22 width=\x5c\x5c\x5c\x220\x5c\x5c\x5c\x22 style=\x5c\x5c\x5c\x22display:none found within TX:0: <iframe src=\x5c\x5c\x5c\x22https:\x5c\x5c\x5c/\x5c\x5c\x5c/www.googletagmanager.com\x5c\x5c\x5c/ns.html?id=GTM-KX4B3KLB\x5c\x5c\x5c\x22\x5c\x5cn\x5c\x5ct\x5c\x5ct\x5c\x5…”] [severity “ERROR”] [tag “CWAF”] [tag “FilterInFrame”] [hostname “site.com”] [uri “/index.php”] [unique_id “aOUAQ3gMG46rids2EtafHQAAAA8”], referer: http://site.com
    [Tue Oct 07 12:57:55.181728 2025] [security2:error] [pid 1492817:tid 140117788317440] [client 172.69.134.33:0] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf”] [line “38”] [id “214940”] [rev “2”] [msg “COMODO WAF: Outbound Points Exceeded| Total Points: 4|site.com|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “FiltersEnd”] [hostname “site.com”] [uri “/error_docs/forbidden.html”] [unique_id “aOUAQ3gMG46rids2EtafHQAAAA8”], referer: http://site.com
    [Tue Oct 07 13:08:14.765331 2025] [security2:error] [pid 1499140:tid 140118633514752] [client 104.23.199.175:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase “/.env” at REQUEST_URI. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf”] [line “117”] [id “210492”] [rev “3”] [severity “CRITICAL”] [tag “CWAF”] [tag “Generic”] [hostname “site.com”] [uri “/.env”] [unique_id “aOUCrhTIQn1lyhke6GTm5wAAAMQ”]
    [Tue Oct 07 13:22:57.711754 2025] [security2:error] [pid 1499140:tid 140118090290944] [client 172.70.47.112:0] ModSecurity: Access denied with code 403 (phase 4). Match of “rx \\ssrc=\\x22https:\\/\\/www\\.googletagmanager\\.com\\/ns\\.html\\?id=GTM|\\ssrc=\\x22https:\\/\\/w\\.soundcloud\\.com\\/player\\/\\?url=” against “TX:0” required. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf”] [line “14”] [id “214540”] [rev “5”] [msg “COMODO WAF: Possibly malicious iframe tag in output||site.com|F|3”] [data “Matched Data: <iframe src=\x5c\x5c\x5c\x22https:\x5c\x5c\x5c/\x5c\x5c\x5c/www.googletagmanager.com\x5c\x5c\x5c/ns.html?id=GTM-KX4B3KLB\x5c\x5c\x5c\x22\x5c\x5cn\x5c\x5ct\x5c\x5ct\x5c\x5ct\x5c\x5ct\x5c\x5ctheight=\x5c\x5c\x5c\x220\x5c\x5c\x5c\x22 width=\x5c\x5c\x5c\x220\x5c\x5c\x5c\x22 style=\x5c\x5c\x5c\x22display:none found within TX:0: <iframe src=\x5c\x5c\x5c\x22https:\x5c\x5c\x5c/\x5c\x5c\x5c/www.googletagmanager.com\x5c\x5c\x5c/ns.html?id=GTM-KX4B3KLB\x5c\x5c\x5c\x22\x5c\x5cn\x5c\x5ct\x5c\x5ct\x5c\x5…”] [severity “ERROR”] [tag “CWAF”] [tag “FilterInFrame”] [hostname “site.com”] [uri “/index.php”] [unique_id “aOUGIRTIQn1lyhke6GTntQAAAM0”]
    [Tue Oct 07 13:22:57.712042 2025] [security2:error] [pid 1499140:tid 140118090290944] [client 172.70.47.112:0] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf”] [line “38”] [id “214940”] [rev “2”] [msg “COMODO WAF: Outbound Points Exceeded| Total Points: 4|site.com|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “FiltersEnd”] [hostname “site.com”] [uri “/error_docs/forbidden.html”] [unique_id “aOUGIRTIQn1lyhke6GTntQAAAM0”]

    Thanks

The topic ‘ModSecurity Error’ is closed to new replies.
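
For anyone triaging a similar 403, this is an added example, not part of the original post and not code from the plugin or the rule set: a small Python parser that separates the entries that actually denied a request from warnings and other Apache noise, and shows whether each denial was triggered by the incoming request or by the HTML the site sent back. The function names are hypothetical, and the sample lines are abridged copies of the log lines above.

```python
import re
from collections import Counter

# Constructed sample: abridged copies of the log lines in the post (pid/tid and
# the long [data ...] fields dropped). The last entry keeps the curly quotes.
SAMPLE = [
    '[Tue Oct 07 11:21:12.586639 2025] [autoindex:error] [client 104.23.239.57:0] '
    'AH01276: Cannot serve directory /var/www/vhosts/site.com/public_html/wp-admin/css/',
    '[Tue Oct 07 12:57:55.181478 2025] [security2:error] [client 172.69.134.33:0] '
    'ModSecurity: Access denied with code 403 (phase 4). [id "214540"] '
    '[msg "COMODO WAF: Possibly malicious iframe tag in output||site.com|F|3"] '
    '[uri "/index.php"] [unique_id "aOUAQ3gMG46rids2EtafHQAAAA8"]',
    '[Tue Oct 07 12:57:55.181728 2025] [security2:error] [client 172.69.134.33:0] '
    'ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [id "214940"] '
    '[uri "/error_docs/forbidden.html"] [unique_id "aOUAQ3gMG46rids2EtafHQAAAA8"]',
    '[Tue Oct 07 13:08:14.765331 2025] [security2:error] [client 104.23.199.175:0] '
    'ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at '
    'REQUEST_URI. [id "210492"] [uri "/.env"] [unique_id "aOUCrhTIQn1lyhke6GTm5wAAAMQ"]',
    '[Tue Oct 07 13:22:57.711754 2025] [security2:error] [client 172.70.47.112:0] '
    'ModSecurity: Access denied with code 403 (phase 4). [id “214540”] '
    '[uri “/index.php”] [unique_id “aOUGIRTIQn1lyhke6GTntQAAAM0”]',
]

STRAIGHT = str.maketrans("“”", '""')  # forum software curls the quotes
ACTION = re.compile(r"ModSecurity: (?:Access denied with code (\d+) \(phase (\d)\)|Warning)")
FIELD = re.compile(r'\[(id|msg|uri|unique_id) "([^"]*)"\]')

def parse(line):
    """Return a dict for a ModSecurity entry, or None for other Apache modules."""
    line = line.translate(STRAIGHT)
    m = ACTION.search(line)
    if m is None:
        return None
    rec = dict(FIELD.findall(line))
    rec["blocked"] = m.group(1) is not None
    # Phases 1-2 inspect the request, 3-4 the response the site itself produced.
    phase = m.group(2)
    rec["side"] = None if phase is None else ("request" if int(phase) <= 2 else "response")
    return rec

def blocking_rules(lines):
    """Count denials per (rule id, side, uri); warnings and non-WAF lines are skipped."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["blocked"]:
            hits[(rec["id"], rec["side"], rec["uri"])] += 1
    return dict(hits)

if __name__ == "__main__":
    for key, count in blocking_rules(SAMPLE).items():
        print(count, *key)
```

On the sample, the two `/index.php` denials come from rule 214540 on the response side, while the `/.env` denial is rule 210492 on the request side.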