xmlrpc.php vs mod_security

mikussikus

Verified User
Joined
Dec 21, 2022
Messages
21
I have an issue with xmlrpc.php becuase I disabled this option in wordpress add_filter( 'xmlrpc_enabled', '__return_false' ); but I still see in ModSecurity logs POST /xmlrpc.php HTTP/1.1. I can't understand why sometimes it's has another ID rules.

On page I checked that if xmlrpc.php is disable on ma page.
 
Hello,

Your request seems to be too ambiguous. Will you clarify your thoughts please. This might help you to get a reply from users faster.
 
Hi,

In the ModSecurity log I see an xmlrpc.php juice entry, so I disabled xmlrpc in wordpress for the domain in question, but the logs still show up.
 

Attachments

  • log.jpg
    log.jpg
    78.8 KB · Views: 85
disable in web application, doesn't meant it disabled checking from modsecurity. You should disabled rules at Modsecurity too.
 
Back
Top