OVERVIEW
Since the release of WooCommerce 8.5.1 on 2024-01-15, there have been reports about stores showing "403 Forbidden" errors caused by WooCommerc'es update and the Comodo ruleset version 1.240 in Mod Security, while the stores Order Attribution feature is enabled.
Plesk identified the ruleset ID 218500 as the issue with 8.5.1
Below is a workaround until WooCommerce works on a solution.
UPDATE:
Comodo's new ruleset version 1.241 released on 2024-01-21 has fixed this issue.
All Starburst Services servers have been updated to this version.
READ ME FIRST
As with all configuration files, custom_user.conf is powerful.
Even the slightest syntax error (like a missing space) can result in your content not displaying correctly or at all.
This article is provided as a courtesy.
Installing, configuring, and troubleshooting third-party applications is outside the scope of basic support provided by Starburst Services.
INSTRUCTIONS
Login to the CWP Admin Panel
Goto the Security tab and click on Mod Security.
On the Right side, under Quick Actions, click on Disabled rules
A box will pop-up saying, 'Editing: /usr/local/apache/modsecurity-cwaf/custom_user.conf'
Add the following line:
SecRuleRemoveById 218500
Click on Save
Still under Quick Actions, and under Apache Webserver, click on Reload, then Restart
RESOURCES
KB Article Created: 2024-01-20
KB Article Updated: 2024-03-24