Rule Exclusions for JetPack Debug at https://jptools.wordpress.com/debug/ #4039

Danrancan · 2025-03-08T14:39:05Z

Description

I am running Modsecurity on a LEMP server running Ubuntu 22.04. I have it set up with a wordpress installation. I have installed the Jetpack plugin for wordpress, and when I go to the Jetpack Debug tools at https://jptools.wordpress.com/debug/ and enter my website address https://oddcake.net, I get the following error:

Debug
Communication error
We were unable to make an XML-RPC request to your website. Please make sure that XML-RPC is turned on and that Jetpack is installed, activated and connected with your WordPress.com account. If the error persists, try disconnecting and connecting Jetpack again.

So far, I have tried the following Rule Exclusions, but they don't seem to work, and I cannot figure it out:

SecRule REQUEST_URI "@streq /xmlrpc.php" \
    "id:1300,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=942131,\
    ctl:ruleRemoveById=942430,\
    ctl:ruleRemoveById=932380,\
    ctl:ruleRemoveById=932240,\
    ctl:ruleRemoveById=942131"


SecRule REQUEST_URI "@streq /xmlrpc.php" \
    "id:1301,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=942131:ARGS:token,\
    ctl:ruleRemoveTargetById=942430:ARGS:token,\
    ctl:ruleRemoveTargetById=932380:ARGS:token,\
    ctl:ruleRemoveTargetById=932240:ARGS:token,\
    ctl:ruleRemoveTargetById=942131:ARGS:token"

SecRule REQUEST_URI "@streq /" \
    "id:1302,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=932240:ARGS:token,\
    ctl:ruleRemoveTargetById=942131:ARGS:token"

I am wondering if someone can help me with the proper rule exclusions to make the JetPack debug tool work. It seems it's having some issues reading the xmlrpc file. Please help?

How to reproduce the misbehavior (-> curl call)

Go to https://jptools.wordpress.com/debug/ and enter https://oddcake.net and test.

Logs

My modsecurity logs were to big to fit in github. So I have posted them on a pastebin here:
https://pastebin.com/G9TKdhAr

Your Environment

CRS version (e.g., v3.3.4): CRS 4.0
Paranoia level setting (e.g. PL1) : 2
ModSecurity version (e.g., 2.9.6): ngx_http_modsecurity_module_v1.0.3.so
Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Nginx v1.27.4 Mainline
Operating System and version: Ubuntu Server 22.04.5 LTS

Confirmation

[ X] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.

The text was updated successfully, but these errors were encountered:

Xhoenix · 2025-03-09T05:45:38Z

Hi @Danrancan, use a exclusion like this:-

SecRule REQUEST_URI "@beginsWith /xmlrpc.php" \
    "id:1300,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=942131,\
    ctl:ruleRemoveById=942430,\
    ctl:ruleRemoveById=932380,\
    ctl:ruleRemoveById=932240"

github-actions · 2025-04-21T00:32:47Z

This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days

Danrancan added the ➕ False Positive label Mar 8, 2025

EsadCetiner added the ⏳ awaiting feedback CRS dev asked feedback label Mar 21, 2025

github-actions bot added the Stale issue label Apr 21, 2025

Xhoenix removed the Stale issue label May 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rule Exclusions for JetPack Debug at https://jptools.wordpress.com/debug/ #4039

Rule Exclusions for JetPack Debug at https://jptools.wordpress.com/debug/ #4039

Rule Exclusions for JetPack Debug at https://jptools.wordpress.com/debug/ #4039

Rule Exclusions for JetPack Debug at https://jptools.wordpress.com/debug/ #4039

Comments

Description

How to reproduce the misbehavior (-> curl call)

Logs

Your Environment

Confirmation