Here is the solution to fix the issue “Your submission failed. The server responded with (code ). Please contact the developer of this form processor to improve this message. Learn more” on a WordPress AMP blog website.
Screenshot of the WordPress AMP Website Error
Cause of Error
This error is actually a mod security issue. You need to contact your hosting provider to fix it. If you have access to hosting or server settings file, then follow the below steps. If you don’t have access, then send this link to your web hosting vendor or server administrator so that they can help you to fix the problem.
Error in Mod Security Log
[Wed Sep 13 14:20:10.327167 2023] [:error] [pid 2188906:tid 139717928527616] [client 157.44.193.131:49264] [client 157.44.193.131] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:comment" required. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||www.pratishkumar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.pratishkumar.com"] [uri "/wp-comments-post.php"] [unique_id "ZQF3wnCvbjH0-Rufr7IXRAAAAMg"], referer: https://www.pratishkumar.com/dst-root-ca-x3-expired-september-2021/
Complete Solution to Fix the WP AMP Error
Here is the DIY solution on how to fix this problem.
Certainly, to allowlist the __amp_source_origin query parameter and address the specific ModSecurity rule violation, you can add a rule to your ModSecurity configuration. In this case, you want to add __amp_source_origin to the allowlist while still considering the existing rules. Here’s how you can do that:
# Add the __amp_source_origin query parameter to the allowlist
SecRule REQUEST_URI|ARGS_NAMES|ARGS:__amp_source_origin "@streq __amp_source_origin" \
"id:243421,phase:1,pass,nolog,ctl:ruleRemoveById=243420"
# Existing rule (the one that triggered the error)
SecRule REQUEST_URI|ARGS_NAMES|ARGS:comment "validateByteRange 0-31" \
"id:243420,phase:3,t:none,t:urlDecodeUni,t:normalizePath,block,msg:'Access denied.'"
# Any other rules you may haveExplanation of the rules:
- The first rule allows requests where the
__amp_source_originquery parameter exactly matches__amp_source_origin. It uses the@streqoperator for an exact string match. This rule passes the request without logging (pass,nolog) and also removes the rule with ID243420(the one that triggered the error) from the processing chain usingctl:ruleRemoveById=243420. This effectively whitelists the__amp_source_originparameter while still considering the existing rule. - The second rule represents the existing rule (the one that triggered the error). This rule remains in place but is no longer enforced for requests that contain the
__amp_source_originparameter because it was removed by the first rule.
Make sure to place these rules in your ModSecurity configuration appropriately and test thoroughly to ensure that they work as expected. Adjust them based on your specific ModSecurity setup and security requirements.
Quick Fix
If you are using custom file for modsecurity, then follow the simple quick fix like what I did.
Edit: /usr/local/apache/modsecurity-cwaf/custom_user.conf
Add the following code into it.
# Put your custom ModSecurity directives here
# Please don't remove this file
# Add the __amp_source_origin query parameter to the allowlist
SecRule REQUEST_URI|ARGS_NAMES|ARGS:__amp_source_origin "@streq __amp_source_origin" \
"id:243421,phase:1,pass,nolog,ctl:ruleRemoveById=243420"Save the file, restart ModSecurity, and then Reload Apache Webserver. Your issue will be solved.
If this helps, please don’t forget to share this page. If you have any issues in fixing this WP response code error on amp pages or other pages, please use the comment form below. I will try my level to help you.
Reviews and Discussions