Title: WooCommerce Plugin is triggering ModSec rules
Last modified: October 20, 2018

---

# WooCommerce Plugin is triggering ModSec rules

 *  Resolved [Kanger](https://wordpress.org/support/users/kanger/)
 * (@kanger)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/woocommerce-plugin-is-triggering-modsec-rules/)
 * Hello
 * After my host (EUKhost) looking into the issue… my cart/checkout pages weren’t
   working (not pulling JS files) due to the Mod Sec rules which had been triggered
   by the WooCommerce plugin.
 * They have disabled the Mod_sec for now, and want me to check with you what was
   causing the apache error logs? And is it likely to be resolved, as don’t want
   to reinstall mod-sec if your plugin going to continue causing errors especially
   as I have fixed all issues on the website.
 * It was the update that triggered the errors.
 * Please advise as soon as possible.
 * Thank you

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [Kanger](https://wordpress.org/support/users/kanger/)
 * (@kanger)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/woocommerce-plugin-is-triggering-modsec-rules/#post-10800513)
 * These are the error logs:
 * ModSecurity: Access denied with code 406 (phase 2). Pattern match “(?:\\\\b(?:(?:
   type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\
   b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special
   |parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|
   ut)|down|move|up)|ve)| …” at REQUEST_FILENAME. [file “/etc/apache2/conf.d/modsec/
   modsec2.user.conf”] [line “117”] [id “1234123404”] [msg “Cross-site Scripting(
   XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [
   hostname “bargdvd.co.uk”] [uri “/wp-content/plugins/woocommerce/assets/js/js-
   cookie/js.cookie.min.js”] [unique_id “W8rwhprhC3vhYU21@VukmwAAAB8”], referer:
   [https://bargdvd.co.uk/](https://bargdvd.co.uk/)
 *  Thread Starter [Kanger](https://wordpress.org/support/users/kanger/)
 * (@kanger)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/woocommerce-plugin-is-triggering-modsec-rules/#post-10800529)
 * Actually this may all be resolved my end now, but you may want to be made aware
   of potential issue with js.cookie.min.js

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘WooCommerce Plugin is triggering ModSec rules’ is closed to new replies.

 * ![](https://ps.w.org/woocommerce/assets/icon.svg?rev=3234504)
 * [WooCommerce](https://wordpress.org/plugins/woocommerce/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/woocommerce/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/woocommerce/)
 * [Active Topics](https://wordpress.org/support/plugin/woocommerce/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/woocommerce/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/woocommerce/reviews/)

 * 2 replies
 * 1 participant
 * Last reply from: [Kanger](https://wordpress.org/support/users/kanger/)
 * Last activity: [7 years, 6 months ago](https://wordpress.org/support/topic/woocommerce-plugin-is-triggering-modsec-rules/#post-10800529)
 * Status: resolved