Since yesterday we are seeing several support cases were customers are locked out of their websites by fail2ban as it reacts to a ModSecurity 403 error. That is caused by rule 222212 in Wordpress installations, for example as follows:
ModSecurity lately feels offended by Wordpress in several customer installations, is triggered by rule 222212
Code:
[client 77.123.123.12] ModSecurity: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "3792"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"]...