ModSecurity: Access denied with code 403 (phase 2). Woocommerce

If you are using WordPress & Woocommerce in combination with mod_security2, you may have some false positives.
In case you are having issues, you can use the Apache (.htaccess for example) “whitelist” below. This of course as an example.

  <LocationMatch "/">   SecRuleRemoveById 910006 # Google robot activity - Useful in someways but noisy for sites where you want them crawled   SecRuleRemoveById 960015 # Request Missing an Accept Header -  Allow for Google Reader   SecRuleRemoveById 950901 # Another False One   SecRuleRemoveById 981172 # SQL Injection False Positive   SecRuleRemoveById 981319 # Breaks woocommerce   SecRuleRemoveById 960009 # Request_Headers False Positive   SecRuleRemoveById 981173 # False Positive that blocks admin scripts   SecRuleRemoveById 981231 # False Positive   SecRuleRemoveById 958291 # False Positive - WordPress   SecRuleRemoveById 950109 # Breaks Steam Auth    SecRuleRemoveById 970901 # Breaks forums when in deactive mode
</LocationMatch>  <LocationMatch "/admin.php">   SecRuleRemoveById 973338 # Breaks disturbia admin functions   SecRuleRemoveById 981243 # Breaks user edit if user has special characters in their name </LocationMatch>
 <LocationMatch "/wp-admin/post.php|/wp-admin/admin-ajax.php">   SecRuleRemoveById 981248 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981240 # WordPress Post Page SQL Injection.   SecRuleRemoveById 950907 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981318 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981251 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981244 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981255 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981249 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981242 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973334 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973334 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981231 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973332 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973327 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973324 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973317 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973306 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973302 # WordPress Post Page SQL Injection.   SecRuleRemoveById 958056 # WordPress Post Page SQL Injection.   SecRuleRemoveById 958030 # WordPress Post Page SQL Injection.   SecRuleRemoveById 958057 # WordPress Post Page SQL Injection.   SecRuleRemoveById 981256 # WordPress Post Page SQL Injection.   SecRuleRemoveById 959073 # WordPress Post Page SQL Injection.   SecRuleRemoveById 959072 # WordPress Post Page SQL Injection.   SecRuleRemoveById 950001 # WordPress Post Page SQL Injection.   SecRuleRemoveById 973335 # WordPress Post Page XSS block.   SecRuleRemoveById 973333 # WordPress Post Page XSS block.   SecRuleRemoveById 973304 # WordPress Post Page XSS block.   SecRuleRemoveById 973300 # WordPress Post Page XSS 403 block.   SecRuleRemoveById 981243 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 981246 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 981245 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 981257 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 981173 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 960024 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 981317 # WordPress Post Page SQL Injection 403 block.   SecRuleRemoveById 950006 # System Command Injection - Another rule that probably doesn't need to be disabled by everyone it stops .exe and various other extensions being passed in arguments. </LocationMatch>
 <LocationMatch "/xmlrpc.php">   SecRuleRemoveById 981173 </LocationMatch>
 <LocationMatch "/development/*">   SecRuleRemoveById 981173 </LocationMatch>
 <LocationMatch "/wp-admin/network/update-core.php|/wp-admin/network/update.php">   SecRuleRemoveById 981173 # Update Core SQL Injection </LocationMatch>
 <LocationMatch "(/wp-admin/|/wp-login.php)">   SecRuleRemoveById 950005 # Remote File Access Attempt - Probably no need to be disabled by everyone; it allows me putting /etc/ and other linux paths in posts.   SecRuleRemoveById 973301 # XSS   SecRuleRemoveById 950109 # Multiple URL encoding   SecRuleRemoveById 950117 # Remote File Inclusion Attack - Disable to allow http:// to be passed in args </LocationMatch>
 <LocationMatch "(/wp-admin/themes.php|/wp-admin/options.php|/wp-admin/theme-editor.php|/wp-content/plugins/)">   SecRuleRemoveById 950907 # System Command Injection   SecRuleRemoveById 950005 # Remote File Access Attempt - Probably no need to be disabled by everyone; it allows me putting /etc/ and other linux paths in posts.   SecRuleRemoveById 950006 # System Command Injection - Another rule that probably doesn't need to be disabled by everyone it stops .exe and various other extensions being passed in arguments.   SecRuleRemoveById 959006 # SQL Injection Attack -   SecRuleRemoveById 960008 # Request Missing a Host Header   SecRuleRemoveById 960011 # GET or HEAD requests with bodies   SecRuleRemoveById 960904 # Request Containing Content, but Missing Content-Type header   SecRuleRemoveById 981173 # SQL Injection   SecRuleRemoveById phpids-17 # Detects JavaScript object properties and methods   SecRuleRemoveById phpids-20 # Detects JavaScript language constructs   SecRuleRemoveById phpids-21 # Detects very basic XSS probings   SecRuleRemoveById phpids-30 # Detects common XSS concatenation patterns 1/2   SecRuleRemoveById phpids-61 # Detects url injections and RFE attempts </LocationMatch>
 <LocationMatch "/wp-includes/">   SecRuleRemoveById 950006 # System Command Injection - Another rule that probably doesn't need to be disabled by everyone it stops .exe and various other extensions being passed in arguments.   SecRuleRemoveById 959006 # SQL Injection Attack -   SecRuleRemoveById 960010 # Request content type is not allowed by policy - Allows for amongst other things spell check to work on admin area   SecRuleRemoveById 960012 # Require Content-Length to be provided with every POST request - Same as above   SecRuleRemoveById phpids-17 # Detects JavaScript object properties and methods   SecRuleRemoveById phpids-20 # Detects JavaScript language constructs   SecRuleRemoveById phpids-21 # Detects very basic XSS probings   SecRuleRemoveById phpids-30 # Detects common XSS concatenation patterns 1/2   SecRuleRemoveById phpids-61 # Detects url injections and RFE attempts </LocationMatch>
Share your love