My ISP blocks my site since modesecurity reports abuse

My ISP blocks my site since modesecurity reports abuse becuase of incorrect call to admin-ajax.php.
This happens after I activated WPMUDEV Panel and started to use PopUp Pro with default settings (WordPress Ajax).
Is there a problem with the plugin or my settings?
My ISP says he can disable modsecurity but I would like to keep it on?
What do I need to keep it and PopUp Pro working?

From the logs:
[Sun Sep 06 13:45:06.331202 2015] [:error] [pid 1028464] [client xx.xxx.xxx.xx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:thefrom. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "1234123440"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "xxxx.se"] [uri "/wp-admin/admin-ajax.php"] [unique_id "VewnQlETsnsAD7FwN0QAAAAJ"]

  • Sajid

    Hi @Joakim

    Hope you are doing good today :slight_smile:

    There should not be any issue with PopUp pro plugin ajax feature. Also we have not reported any security issues with it before.

    I can see the log indicates there is a pattern that it does not allow to execute. Do you using any regular expression in PopUp ?

    Also there are other methods to load the PopUp e.g. "Page Footer", "Custom Ajax" and "Anonymous Script". You can try one of these options too.

    Take care and have a nice day :slight_smile:

    Cheers, Sajid