Hi currently im watching my website showing the info if my IP is on whitelist in my webhost if it doesn't, then it wont get the news or load correctly php/JS.
The reason for this happen is the following but idk if some of you have had this before and if is an http request function missing or some protocol of server-sides (common one).
Error from server-side :
[client ip ... ] ModSecurity: Access denied with code 501 (phase 2).
Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required.
[file "/usr/local/apache/conf/modsec2.user.conf"]
[line "38"]
[id "1234123435"]
[msg "Method is not allowed by policy"]
[severity "CRITICAL"]
[tag "POLICY/METHOD_NOT_ALLOWED"]
[hostname "link"]
[uri "/showTopNews"]
[unique_id "WVukp1ka8AEAChYSbGQAAAAP"]
That's a mod_security2 error. More specifically, caused by rule 1234123435
Seems you're violating the REQUEST_METHOD regex. The accepted request types are POST, GET, OPTIONS, HEAD.
You have a few options:
1) fix the request type in your code (use a type that is allowed - open Developer Tools and watch the Newtork tab to see what you're sending)
2) update your rule to allow other types as well (not extremely dangerous if you know what you're adding)
3) You can remove the rule altogether by using this in your apache vhost .conf file (it won't work in .htaccess):
<IfModule mod_security2.c>
SecRuleRemoveById 1234123435
</IfModule>
I'd go with the first one.
The limitation to those 4 request types is fairly reasonable. But it does exclude some types. See HTTP/Methods for more details