Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted November 21, 201113 yr I keep getting a rule flagged up in apache error logs.. [Sun Nov 20 18:04:47 2011] [error] [client 81.107.65.165] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|%env)" at REQUEST_URI. [file "/usr/local/apache/conf/turtle-rules/modsec/10_asl_rules.conf"] [line "886"] [id "340147"] [rev "81"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Generic XSS filter"] [data "http:/"] [severity "CRITICAL"] [hostname "www.mysite.com"] [uri "/forums/public/min/index.php"] [unique_id "TsmHj0g01WAAAE0v3IMAAAAE"] What is this file used for /forums/public/min/index.php
November 28, 201113 yr the seccond line of that file says:Front controller for default Minify implementation its the one that minifies the CSS if you have that option enabled
December 9, 201113 yr Just edit the mod_sec config file and you can either remove the full line, or you can bypass that rule by commenting it out with # If you wish to keep the rule then just edit the virtual host and below, replacing the correct path and domain: <Directory /var/www/vhosts/domain.com/httpdocs/(dir)> SecRuleRemoveById 340147 </Directory> Once edited and saved restart apache, One you restarted apache run: /usr/sbin/apachectl configtest Job done :smile:
Archived
This topic is now archived and is closed to further replies.