Jump to content

Apache Modsec Rule


THL

Recommended Posts

I keep getting a rule flagged up in apache error logs..

[Sun Nov 20 18:04:47 2011] [error] [client 81.107.65.165] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|%env)" at REQUEST_URI. [file "/usr/local/apache/conf/turtle-rules/modsec/10_asl_rules.conf"] [line "886"] [id "340147"] [rev "81"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Generic XSS filter"] [data "http:/"] [severity "CRITICAL"] [hostname "www.mysite.com"] [uri "/forums/public/min/index.php"] [unique_id "TsmHj0g01WAAAE0v3IMAAAAE"]


What is this file used for /forums/public/min/index.php

Link to comment
Share on other sites

  • 2 weeks later...

Just edit the mod_sec config file and you can either remove the full line, or you can bypass that rule by commenting it out with #

If you wish to keep the rule then just edit the virtual host and below, replacing the correct path and domain:


<Directory /var/www/vhosts/domain.com/httpdocs/(dir)>


SecRuleRemoveById 340147


</Directory>




Once edited and saved restart apache, One you restarted apache run:



/usr/sbin/apachectl configtest




Job done :smile:
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...