John Davidson

Message:

I would like to adapt the administration urls of my wordpress site so that they work with modsecurity rules. Indeed, I use a waf which manages incoming traffic. Modsecurity is installed on waff. Also, I don't have access to this waf, just to my back server. I use apache

---

My Answer:
To work around the 406 blocks from Modsecurity, you can try the following steps:

1. Disable Modsecurity for the specific URLs that are being blocked. You can do this by adding the following code to your .htaccess file:



SecRuleRemoveById 123456 # Replace 123456 with the rule ID that is causing the block



2. Change the administration URLs of your WordPress site to avoid triggering the Modsecurity rules. You can do this by modifying the wp-config.php file and adding the following lines:


define('WP_HOME', 'http://example.com');
define('WP_SITEURL', 'http://example.com');


Replace 'http://example.com' with your actual domain.

3. If the above steps do not work, you may need to contact the administrator of the WAF to whitelist the specific URLs that are being blocked by Modsecurity.

4. Additionally, you can check the Modsecurity logs on your server to identify the specific rules that are causing the blocks and try to find a workaround for them.

By following these steps, you should be able to administer your WordPress site despite the 406 blocks from Modsecurity.