mod_security rule [Id '-1'] triggered! ModSecurity: Access denied with code 403

While updating the contents in any of the CMS, I was getting a 403 error on the Litespeed server.

Below are the Error log - (tail -f /usr/local/apache/logs/error_log | grep IP address )

2016-11-02 19:55:14.148 [NOTICE] [IP Address :HTTP2-1] mod_security rule [Id '-1'] triggered!
[Wed Nov 2 19:55:14 2016] [error] ModSecurity: Access denied with code 403,
[Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2016-11-02 19:55:14.148 [NOTICE] [IP Address:54100:HTTP2-1] Content len: 1276, Request line:
'PUT /ajax/api/static-pages/2 HTTP/1.1'
2016-11-02 19:55:14.148 [INFO] [IP Address49:54100:HTTP2-1] Cookie len: 36,
2016-11-02 19:55:14.148 [NOTICE] [IP Address:54100:HTTP2-1] Redirect: #1,
URL: /index.php
2016-11-02 19:55:14.148 [INFO] [IP Address:54100:HTTP2-1] File not found


1. Find out the mod security rules which are triggered by checking apache error logs. You can also check the modsec audit logs.
Apache error logs - tail -f /usr/local/apache/logs/error_log | grep IP address
Mod security audit log location - /usr/local/apache/logs/modsec_audit.log

2. You can also check the rules which are being triggered from WHM >> Mod Security Tools.

3. Once you'll get the rule, white-list them from WHM >> ConfigServer ModSecurity Control. You can either globally white-list the rule or can white-list for a particular user.

Globally white-listing the mod security rule - WHM >> ConfigServer ModSecurity Control >> ModSecurity rule ID list >> Enter the Rule ID >> Save Global whitelist.

White-listing the mod security rule for particular user - WHM >> ConfigServer ModSecurity Control >> Select the user from drop-down list >> Modify User whitelist >> ModSecurity rule ID list >> Save whitelist for all accessible domain.

4. If there is still error then please use the debug tool in your web browser, find out the HTTP header. HTTP Headers tell you the content type and white-list those contents type on the server on below file -

You'll need to do below server-wide changes -

cd /usr/local/apache
Put your Content-Type in whitelist here -
cat /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/userdata_wl_content_type

Below are some example header type for your reference -


5. Rebulit the 'httpdconf' file - /scripts/rebuildhttpdconf

6. Restart the 'Litespeed' service - service lsws restart

Now, try to replicate the issue, it will be fixed. 

Note:- You can usually use Chome/Firefox developer tools to get the HTTP header ( right click on page >> Inspect Element).

Let me know if you've any thoughts
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

This webpage is not found - Cannot export database

While exporting the database zip file from cPanel >> phpMyAdmin as well from SSH, I was...

How to configure Amazon S3 backups in WHM?

There is always issues on the server like Hard Drive Failures and its very important to keep your...

cPanel::Exception::IO::UnlinkError/(XID) The system failed to unlink- phpMyAdmin error

While accessing the phpMyAdmin, I was getting the error as below - Internal Server...

Loopback test error: `Operation timed out after 8000 milliseconds with 0 bytes received - WordPress issue

I was getting below while generating backup from BackupBuddy ( in WordPress ) on LiteSpeed server...

Auto Index is disabled for the directory, access denied : 403 forbidden

While accessing the directories of website (http://webiste_name/directory_name) getting 403...

Powered by WHMCompleteSolution