I administer a server based on Debian with Ispconfig3, and I'm having issues related to image and videos management with the Wordpress CMS: It's possible to upload files, but when I try to insert them in a post, I get a 403 error.
Here's what I get from /var/log/apache2/modsec_audit.log:
[www.mysite.net/sid#xxx][rid#xxx][/robots.txt] Access denied with code 403 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "xx"] [id "xxx"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
Now, If I set SecRuleEngine to Off, everything works, but of course it's not a good solution.
Setting up rules on .htaccess could maybe do the trick, but I don't know where to start from.
Could anybody provide a link or a suggestion to solve the problem?