ModSecurity returns 403 forbidden in administrator article manager

by Gillian Steedman   Last Updated March 21, 2017 20:10 PM

I am getting 403 Forbidden messages in the Joomla 3.6.5 admin panel when I (as Super User) attempt to:

  1. Select any page from 2 to end
  2. Change the articles per page from the default 20
  3. Search for an article using the keyword search box
  4. Filter articles by article category

If I disable ModSecurity in cPanel I don't have this problem, but my hosting providers do not recommend disabling ModSecurity. The rule that is being triggered is:

Message: Access denied with code 403 (phase 2). Test 'ARGS:view|ARGS:tmpl|ARGS:layout' against '!(^[0-9a-z-:]+$|^$)' is true. [*** [id "390606"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection"] [severity "CRITICAL"] [MatchedString "filter[search]="]

I have no access to ModSecurity other than to enable or disable it in cPanel.

The weird thing is that this happens on two websites, using the same template, on my reseller account, but I don't get these problems on the reseller account website itself or any of its subdomains. But my hosting provider tells me that all ModSecurity rules are the same.

They also say "The problem is the Joomla installs are tripping over Mod_security rules in regards to Argument injections etc. this is because of the way Joomla is programmed and Mod_Security rules are saying this is not a secure way of doing it"

We've been going round and round in circles so I'm posting here in the hope that someone else may have had this issue and found a solution.



Related Questions