ModSecurity triggers 403 error on "open" query admin links

[PWaddict]

With ModSecurity installed on the server, if you go to edit any page (not homepage) and then click for example the homepage on the breadcrumb links, a 403 error will be triggered because the breadcrumb urls ending with ?open=[page ID you're clicking] to keep that parent's children pages opened on the lister.

The "open" must be renamed to something like "pages_open" to prevent false positive triggers.
I don't know if this "open" query is used on other admin areas but it should be definitely renamed everywhere.

[adrianbj]

@PWaddict - why not modify your ModSecurity rules to allow this pattern?

[PWaddict]

@PWaddict - why not modify your ModSecurity rules to allow this pattern?

Don't have access.

[PWaddict]

I asked the hosting provider to whitelist the rule that is causing this false positive since I see nothing about it on my audit logs and they fixed it. When I asked them what was the Rule ID they gave me this: 700038 - ani-shell - php command shell

@ryancramerdesign could you please consider about my suggestion to rename "open" to "pages_open" or something else?

I don't remember clicking before on breadcrumb links on a live server (I think even on localhost too, LOL!!!). I have been informed about this 403 error by a client.