Site monitor conflicts with ModSecurity

The connection monitor in MainWP is reporting that sites are down because requests are triggering OWASP rule 920170.

This is because a GET request from MainWP has a non-zero Content-Length header, which is invalid.

While it is possible to disable this rule, this leaves servers open to a range of attacks that the rule is designed to block. I haven’t logged the additional data (yet) but if it’s meaningful, perhaps a POST request would be more appropriate.
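As an added illustration (not code from the thread or from MainWP), the following Python checks a raw HTTP request for the exact condition the post describes, a GET or HEAD request that declares a body through a non-zero Content-Length, and shows how a monitor can build requests that only attach a body for methods that take one. The sample request and host name are constructed for the example.

```python
"""Flag the condition OWASP CRS rule 920170 targets: a GET/HEAD request
with a non-zero Content-Length (i.e. a body where none is expected)."""

from typing import Dict, Tuple

BODYLESS_METHODS = {"GET", "HEAD"}


def parse_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request head into (METHOD, lower-cased header map)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method = request_line.split(" ", 1)[0].upper()
    headers: Dict[str, str] = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, headers


def trips_920170(raw: str) -> bool:
    """True when a GET/HEAD request carries a Content-Length other than 0.
    This mirrors the rule's chain (method GET|HEAD, Content-Length not ^0?$)
    as the thread describes it; it is a check on the request, not a WAF."""
    method, headers = parse_request(raw)
    if method not in BODYLESS_METHODS:
        return False
    return headers.get("content-length", "") not in ("", "0")


def build_request(method: str, path: str, host: str, body: str = "") -> str:
    """Build a request that only sends a body (and Content-Length) for methods
    other than GET/HEAD, so a site check never trips the rule."""
    method = method.upper()
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if method in BODYLESS_METHODS:
        body = ""  # never attach a body to a GET or HEAD probe
    elif body:
        lines.append("Content-Type: application/x-www-form-urlencoded")
        lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body


# Constructed sample of the problematic probe (not a real capture).
BAD_GET = ("GET / HTTP/1.1\r\nHost: example.invalid\r\n"
           "Content-Length: 8\r\n\r\nmainwp=1")
```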

Hey @abivia

Welcome to the community!

We will look into the details on why we are triggering that OWASP rule.

In the meantime, can you please try setting the method to HEAD and see if that works around it?

We have made some changes in the MainWP Dashboard, which should help with this.

I’m sending you a pre-release version with these changes via a direct message. Please let us know if it helps.


Re-enabling the ModSec rule and pinging sites via POST works.


Glad to hear that works.

If you get a chance, please see if the version I sent you works with the GET method without tripping ModSecurity.

The patched version works with GET requests. Thanks!

(I had to upload and unzip it in place, but I suspect that’s an issue on my end.)


Great! Thank you for testing it and letting us know.
