Hi all, I got a wordpress website that doesn't load any image due to 403 errors related with modsecurity rules. The problem is that under logs I can't find any ID in order to exclude it. Example log; root@web2:/etc/modsecurity/rules# cat /var/log/apache2/modsec_audit.log --cf1b3b19-A-- [05/Oct/2022:17:24:43 +0300] Yz2TqyB8mvixTGU9pbt2YgAAAAs 95.217.8.124 57148 168.119.122.191 443 --cf1b3b19-B-- GET /wp-content/uploads/2020/02/enjoyHorizontalSmall.png HTTP/1.1 Host: www. mydomain.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,*/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www. mydomain.com/services/sea-kayak-day-trips/ Cookie: _ga_BBH3GWJ9TN=GS1.1.1664976416.16.1.1664976818.0.0.0; _ga=GA1.2.1009653014.1659290474; pixelcat_id=ffd99a6f85; _fbp=fb.1.1659290482963.1375261013; _gid=GA1.2.1329457654.1664976417; wp-wpml_current_admin_language_d41d8cd98f00b204e9800998ecf8427e=en; wp-settings-1=libraryContent%3Dbrowse%26mfold%3Do%26editor%3Dhtml%26hidetb%3D1%26siteorigin_panels_setting_tab%3Dgeneral%26advImgDetails%3Dshow%26imgsize%3Dthumbnail%26posts_list_mode%3Dlist%26editor_plain_text_paste_warning%3D2%26uploader%3D1%26widgets_access%3Doff; wp-settings-time-1=1664976540; wp-wpml_current_language=en; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_9556babef9a00f397ce0d793bc31de77=stelios%7C1665149331%7CE799uvyO4cqmkF4eny6ON2AlsT2SxfHpLq84tnyt5Dc%7Ccdcbca2167a0a92bd90e6aacca7608125ba901051faf71e5d9b5ed59dd21ae4c Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin --cf1b3b19-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 13 Nov 2020 16:54:10 GMT ETag: "91a-5b3ffe09d7080" Accept-Ranges: bytes Content-Length: 2330 Cache-Control: max-age=7200, private, must-revalidate Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html --cf1b3b19-H-- Stopwatch: 1664979883090168 7513 (- - -) Stopwatch2: 1664979883090168 7513; combined=5981, p1=1068, p2=4812, p3=0, p4=0, p5=101, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/4.0.0-rc1. Server: Apache Engine-Mode: "ENABLED" --cf1b3b19-Z--
Sorry for the late reply, it was finally a firewall plugin in the Wordpress that was causing the issue.