OWASP conflict
-
Ok, so I have found that there is a conflict when you have OWASP REQUEST-31-APPLICATION-ATTACK-RFI activated in WHM with WordPress MU Domain Mapping.
See this link for more information on OWASP REQUEST-31-APPLICATION-ATTACK-RFI – https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS#OWASPModSecurityCRS-REQUEST-31-APPLICATION-ATTACK-RFI
When activated, logging into the main site on a multisite network no longer also logs you into sites with a non-sub domain of the multisite network that have been domain mapped.
However, all sites using sub domains of the network set as primary in the WordPress MU Domain Mapping plugin for that site do login for the user logging into the main site.
This issue goes away with the above component in question disabled in WHM.
I welcome your thoughts!!!
https://www.ads-software.com/plugins/wordpress-mu-domain-mapping/
- The topic ‘OWASP conflict’ is closed to new replies.
