THL Posted November 21, 2011 Posted November 21, 2011 I keep getting a rule flagged up in apache error logs.. [Sun Nov 20 18:04:47 2011] [error] [client 81.107.65.165] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|%env)" at REQUEST_URI. [file "/usr/local/apache/conf/turtle-rules/modsec/10_asl_rules.conf"] [line "886"] [id "340147"] [rev "81"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Generic XSS filter"] [data "http:/"] [severity "CRITICAL"] [hostname "www.mysite.com"] [uri "/forums/public/min/index.php"] [unique_id "TsmHj0g01WAAAE0v3IMAAAAE"] What is this file used for /forums/public/min/index.php
Luis Manson Posted November 28, 2011 Posted November 28, 2011 the seccond line of that file says:Front controller for default Minify implementation its the one that minifies the CSS if you have that option enabled
Gary. Posted December 9, 2011 Posted December 9, 2011 Just edit the mod_sec config file and you can either remove the full line, or you can bypass that rule by commenting it out with # If you wish to keep the rule then just edit the virtual host and below, replacing the correct path and domain: <Directory /var/www/vhosts/domain.com/httpdocs/(dir)> SecRuleRemoveById 340147 </Directory> Once edited and saved restart apache, One you restarted apache run: /usr/sbin/apachectl configtest Job done :smile:
Recommended Posts
Archived
This topic is now archived and is closed to further replies.