[Solved] Slowness to access WP dashboard – ModSecurity

It was a WordPress website.

The client had a complaint about the slowness while logging into this WordPress website’s dashboard. The website was configured with CloudFlare DNS. After a quick inspection, I suggest him to disable the CloudFlare CDN for his main domain.

This domain was using CloudFlare SSL too. The website was loading without any slowness, only problem with Dashboard.

I checked the Web server’s (Apache) error log and noticed the following errors:

[Wed Aug 09 15:33:48 2017] [error] [client 2.1.2.2] ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified). [hostname "domain.com"] [uri "/wp-admin/index.php"] [unique_id "WYtjmkSr2WIAAcbwMwAAAAAJ"]

[Wed Aug 09 15:33:59 2017] [error] [client 2.1.2.2] ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified). [hostname "domain.com"] [uri "/wp-admin/index.php"] [unique_id "WYtjnkSr2WIAAcgXULgAAAAL"]

Yeah, the ModSecurity was the offender, LOL!! Actually, the WAF (Web Application Firewall) ModSecurity was disabled on that domain.

How to disable Mod security rule for a domain in cPanel server?

Mod security is an Apache module that helps to protect your website from various attacks. It is used to block commonly known exploits using regular expressions and rule sets. It blocks injection attacks which secure your server. We use mod_security1 for Apache1.x and mod_security2 for Apache2.x. In case of mod_security1, we can disable mod_security for a domain using .htaccess file. Read more…

Here the error is:

ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)

This is due to the memory limit to store maximum request body size. To fix this error, we need to increase the values of following parameters:

SecResponseBodyLimit & SecRequestBodyInMemoryLimit

SecResponseBodyLimit

Description: Configures the maximum response body size that will be accepted for buffering.
Syntax: SecResponseBodyLimit LIMIT_IN_BYTES
Example Usage: SecResponseBodyLimit 524228
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 524288 (512 KB)
Anything over this limit will be rejected with status code 500 (Internal Server Error). This setting will not affect the responses with MIME types that are not selected for buffering. There is a hard limit of 1 GB.

SecRequestBodyInMemoryLimit

Description: Configures the maximum request body size that ModSecurity will store in memory.
Syntax: SecRequestBodyInMemoryLimit LIMIT_IN_BYTES
Example Usage: SecRequestBodyInMemoryLimit 131072
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 131072 (128 KB)
When a multipart/form-data request is being processed, once the in-memory limit is reached, the request body will start to be streamed into a temporary file on disk.

First, locate the ModSecurity configuration file. For a cPanel server, it’s located under /usr/local/apache/conf.

[email protected][/usr/local/apache/conf]# ll modsec2.conf
-rw------- 1 root root 882 Aug  9 15:39 modsec2.conf

Open the configuration file with your favorite text editor and add the following entries:

SecResponseBodyLimit 546870912
SecRequestBodyInMemoryLimit 546870912

If the entries are already there, try to increase its value.

Then “restart” web server.

/etc/init.d/httpd restart

Or

service httpd restart

Cool!!
Try to load the dashboard again. It should load faster as expected!!
Let me know your suggestions as comments.