Hi @LeonidS

I want to confirm that the solution you offered works, thank you very much.

To create the raw block with the code you provided, I had to disable a rule in mod_security.

First I checked the log in my control panel and sent it to Gemini. The result was that my server log indicated that the web application firewall (WAF) had blocked a legitimate request (false positive) after detecting a pattern it mistook for a Cross-Site Scripting (XSS) attack.

Alert Analysis

Affected File: /studio/builder_page.php [Log].

Triggered Rule: COMODO WAF ID 212620 (07_XSS_XSS.conf) [Log].

Cause: The content field of a POST request contained JavaScript code (<script>$(".bx-menu...").hide();</script>) [Log]. ModSecurity detected the <script> tag and blocked the action with a 403 Forbidden error for security reasons.

Context: This appears to be a legitimate action by a page builder on your website attempting to save changes that include scripts.

One of the solutions recommended by Gemini was the one I used: disabling a rule in ModSecurity.

However, I need to find another alternative that allows me to disable the rule only for that specific application.

Regards.