HTTP Error 403.0, often triggered by ModSecurity rules, can be a frustrating roadblock for website owners. ModSecurity is a powerful web application firewall designed to protect your web applications from various threats. However, it may sometimes block legitimate requests, causing the infamous Error 403.0.
This article provides you with steps to whitelisting ModSecurity rules in your WSP Control Panel.
Step 1 – Login to WSP
- Go to any internet browser and type http://cp.cpt.wa.co.za
- Log in with your WSP username and password received during your application.
Step 2 – Go into the wwwroot of the website and create a file called disabled_rules.conf
Step 3 – Edit the file
- Edit the file and insert the following line:
SecRuleRemoveByID <RULEIDTRIGGERED>
Example from above, you will enter:
SecRuleRemoveByID 981173
You can make use of the following list, if any further errors pop, please speak to one of the seniors.
SecRuleRemoveByID 200002
SecRuleRemoveByID 950120
SecRuleRemoveByID 950901
SecRuleRemoveByID 959072
SecRuleRemoveByID 960035
SecRuleRemoveByID 973300
SecRuleRemoveByID 973333
SecRuleRemoveByID 973337
SecRuleRemoveByID 973338
SecRuleRemoveByID 981172
SecRuleRemoveByID 981173
SecRuleRemoveByID 981231
SecRuleRemoveByID 981257
- Click Create
Step 4 – Lastly Edit the web.config file
At the bottom of the system.webserver section, add the following:
<ModSecurity enabled=”true” configFile=”<FULL PATH>disabled_rules.conf” />
<FULL PATH> refers to the file path on the server e.g F:Domainsusernamedomainnamewwwroot
Please note: Ensure spacing is correct as it will break site if not
This line will call the above-created .conf file and exclude the rule
See below example of the line added to web.config: