We have recently had a few customers tell us that they are unable to Push content to their Target sites. Some investigation has led to the discovery that the Mod_Security module for Apache is blocking these API requests, so instead of receiving a JSON encoded response from our API endpoint on the Target, we see the following:
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
What is Mod_Security?
From the modsecurity.org web site, “ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.”
In simple terms, Mod_Security is part of your web server. It is not a WordPress plugin or anything you can configure from within the WordPress admin area.
Why is this happening?
There does not appear to be a recent update to Mod_Security. This leads us to conclude that a few hosting companies have recently changed their configuration of Mod_Security in an effort to make your website more secure. This is a good thing, since site security is important.
What to do?
Since Mod_Security is installed and configured on your host, this means that the host configuration needs to be updated. Specifically, you need to add the IP addresses of any web sites using WPSiteSync to Push Content to your host. This would mean any staging servers, as well as your local IP address for any locally hosted test site that will be Pushing Content to the site. You can make the change to your modsecurity.conf file and add a rule such as:
SecRule REMOTE_ADDR “@contains 127.0.0.1” “id:1,phase:1,nolog,allow,ctl:ruleEngine=Off”
Where the 127.0.0.1 is your Source site’s IP address.
The following articles can provide more instructions:
You can also contact your hosting company. Their support team will be able to assist you with making any necessary changes.
Being the Product Architect at ServerPress, LLC, Dave brings 35+ years of experience bridging traditional architecture with innovative Workflow solutions. Creator of WPSiteSync, among many other products, he loves pushing technology to the limit. His motto: No coffee. No code.