403 error when setting permalinks to symlinks

[lachlanphillips]

Hi, as the title says, this image gives a hard 403 error if you change the permalink structure from the default to eg "post name"

Repro: wp-admin -> Settings -> Permalinks -> Set to 'post name'.

Are there any workarounds for this at present?

[sych74]

Hi @lachlanphillips The issue related to mod security rules. ModSecurity: Access denied with code 403, [Rule: 'REQUEST_BODY|XML:/*' '@validateUrlEncoding'] [id "210380"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt"] [logdata "_wpnonce=b108e68f63&_wp_http_referer=/wp-admin/options-permalink.php&selection=/%postname%/&permalink_structure=/%postname%/&category_base=&tag_base=&submit=Save Changes=_wpnonce=b108e68f63&_wp_http_referer=/wp-admin/options-permalink.php&selection=/%postname%/&permalink_structure=/%postname%/&category_base=&tag_base=&submit=Save Changes"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"]

as workarounds please disable WAF before installing cluster

or disable WAF on the installed cluster via Change Environment Topology

we will escalate the issue with COMODO rules to developers and let you know about the results

regards,

[sych74]

Hi @lachlanphillips We have tested the WAF issue with the litespeed development team. This problem is reproduced on the server version 6.0 and it also present in version 6.0.1. Litespeed developers have prepared a build where this problem has been fixed. We will update the litespeedphp template and after that you can redeploy to a new template and enable the WAF. We will let you know when a new template will be available.

regards,

[sych74]

Hi @lachlanphillips The template Litespeed WEB 6.0.2 has been published. You can redeploy to this version and return the WAF back.

regards,