ModSecurity OWASP blocking GTMetrix

bejbi

bejbi

Well-Known Member
PartnerNOC
Jan 20, 2006
168
32
178
Poland
cPanel Access Level
DataCenter Provider
If you are using OWASP rules v. 3.3.4 you can experience problem with GTmetrix service. All requests will serve 403 error.

It is interesting becouse probably GTmetrix sends forbidden header. GTmetrix is blocked by 3 rules:
920450 - request protocol enforcement
949110 - request blocking evaluation
980130 - response corelation

You can disable these rules or add GTmetrix to whitelist (if you need GTmetrix):
cPanel has tutorial for whitelisting: https://support.cpanel.net/hc/en-us...How-to-whitelist-an-IP-address-in-ModSecurity

:wq
 
Last edited by a moderator:
  • Like
Reactions: cPRex
C

ciao70

Well-Known Member
Nov 3, 2006
152
35
178
Hi,

The problem also occurs with other systems after the update of Modsecurity 2.9.6 and Owasp 3.3.4

forums.cpanel.net

Modsecurity 2.9.6 [Fix Security]

Hi, Do you use OWASP CRS? Yes, it is the ruleset causing the issues AFAIK, previously no problems at all.
forums.cpanel.net forums.cpanel.net

Thanks
 
  • Like
Reactions: cPRex
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C OWASP ModSecurity Core Rule Set 3.3.5 [Security Fix] Security 1
A Google bot triggering OWASP modsecurity rule 949110 Security 6
N ModSecurity Vendors OWASP generates a lot of errors in APACHE Security 20
U OWASP ModSecurity Core Rule Set V3.0 notifications Security 3
cPAdminsMichael Experience with the new OWASP ModSecurity CRS 3.3? Security 1
Similar threads
OWASP ModSecurity Core Rule Set 3.3.5 [Security Fix]
Google bot triggering OWASP modsecurity rule 949110
ModSecurity Vendors OWASP generates a lot of errors in APACHE
OWASP ModSecurity Core Rule Set V3.0 notifications
Experience with the new OWASP ModSecurity CRS 3.3?
Top Bottom