ModSecurity OWASP Allow Rules For Formidable Forms

By: Victor Font | Asked: 11/04/2024
ForumsCategory: General questionsModSecurity OWASP Allow Rules For Formidable Forms
Victor Font asked 2 months ago
After upgrading my dedicated server a few weeks ago, Formidable Forms began failing when adding custom code to forms and views. The root cause is false ModSecurity positives for XSS scripting violations. I reported this to Strategy 11 and had a cybersecurity expert examine my analysis. The conclusion is that Formidable Forms remains perfectly safe to use and the false positives are just that, false positives. If you have a self-managed server, VPS, or are on a shared server and are having issue with the latest OWASP Core Rule Set for ModSecurity, you can get the Formidable Forms Allow Rule Set for OWASP v.3.x on Formidable Masterminds. Formidable Forms Triggers Multiple False ModSecurity™ Positives
1 Answers
Matt Grimes answered 1 month ago
had this happen too, i just added the ID of the infraction to modsecurity to bypass that rule
Victor Font replied 1 month ago

Using the infraction ID may be too broad. Disabling a rule disables it everywhere.

Making the Best WordPress Plugin even better - Together

Take on bigger projects with confidence knowing you have access to an entire community of Formidable Experts and Professionals who have your back when the going gets tough. You got this!
Join the community
crossarrow-right