Getting 403 when saving Page optimization setting ? ModSecurity




Start » Support for LiteSpeed Cache Plugins » Wordpress LScache Plugin » Getting 403 when saving Page optimization setting ? ModSecurity

Wordpress LScache Plugin: Getting 403 when saving Page optimization setting ? ModSecurity

Last Updated on: Wed, 15 Apr 2026 00:00:02
In the new version when Hitting save under Page optimization I gets blocked by modsec and get 403 . disabling ModSecurity lets me make changes to it. but i am not able to modify any setting under Page optimization if ModSecurity is ON ? That was not an issue with the previous version. The page I need help with: https://yegara.com/demo/wp-admin/admin.php?page=litespeed-page_optm Hi, Could you please provide the mod_sec log about that trigger ? Best regards, 941100: XSS Attack Detected via libinjection Request: POST /demo/wp-admin/admin.php?page=litespeed-page_optm Action Description: Access denied with code 200 (phase 2). Justification: Test REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/ against @detectXSS is true. and 949110: Inbound Anomaly Score Exceeded (Total Score: 15) Request: POST /demo/wp-admin/admin.php?page=litespeed-page_optm Action Description: Access denied with code 403 (phase 2). Justification: Test TX:ANOMALY_SCORE against @ge % tx.inbound_anomaly_score_threshold is true. Hi, May I know what ruleset you use ? Best regards, Vendor: OWASP3 OWASP ModSecurity Core Rule Set V3.0 SpiderLabs OWASP curated ModSecurity rule set https://docs.cpanel.net/knowledge-base/security/owasp-modsecurity-crs/ Hi, I set up cPanel , WP , and LSCWP , also OWASP , but seems I can not reproduce it. May I know if there is any specific steps to trigger this error ? Best regards, Nothing specific, Just installing the plugin on fresh WP and hitting any of the save button On Page optimization will trigger it. Did you set it up on litespeed web server (Web Host Professional) that is what i am using? I asked that because COMODO WAF has its own Rule set specific for litespeed. https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/comodo-as-a-modsecurity-vendor-in-cpanel-t110147.0.html Maybe OWASP has issues with litespeed webserver ? For now I have turned off OWASP as a vendor and started using COMODO ModSecurity Rules for LiteSpeed Hi, Yes , same license , on cPanel/WHM , and OWASP ruleset from WHM setting. Id say this could be a false-positive alert , you can simply disable that rule ID if you want to use OWASP, but Comodo is also good alternative. Best regards,



LiteCache Rush: Speed comes from using less, not from doing it faster



Reference