WSP: Resolving HTTP Error 403.0 – ModSecurity Action

This article provides you with steps to whitelisting ModSecurity rules in your WSP ControlPanel.

 

 

Step 1 – Login to WSP

  • Go to any internet browser and type http://cp.cpt.wa.co.za
  • Log in with your WSP username and password received during your application.

 

 

 

 

Step 1 – Go into the wwwroot of the website and create a file called disabled_rules.conf

 

 

Step 2 – Edit the file

 

  • Edit the file and insert the following line:

 

SecRuleRemoveByID <RULEIDTRIGGERED>

Example from above, you will enter:

SecRuleRemoveByID 981173

 

You can make use of the following list, if any further errors pop, please speak to one of the seniors.

 

SecRuleRemoveByID 200002
SecRuleRemoveByID 950120
SecRuleRemoveByID 950901
SecRuleRemoveByID 959072
SecRuleRemoveByID 960035
SecRuleRemoveByID 973300
SecRuleRemoveByID 973333
SecRuleRemoveByID 973337
SecRuleRemoveByID 973338
SecRuleRemoveByID 981172
SecRuleRemoveByID 981173
SecRuleRemoveByID 981231
SecRuleRemoveByID 981257

 

  • Click Create

 

 

 

Step 3 – Lastly Edit the web.config file

At the bottom of the system.webserver section, add the following:

 

<ModSecurity enabled=”true” configFile=”<FULL PATH>disabled_rules.conf” />

 

<FULL PATH> refers to the file path on the server e.g  F:Domainsusernamedomainnamewwwroot

Please note: Ensure spacing is correct as it will break site if not

This line will call the above-created .conf file and exclude the rule

See below example of the line added to web.config:

 

 

 

 

 

Was this post helpful?