Hi,
I have an ultrawebsitehosting.com account and apparently they use Atomicorp. Recently I installed a WordPress theme that uses an iframe customizer and it has been blocking me at the firewall every time I try to customize something.
The hosting support people told me this:
"The security rule that was triggered was:
[Mon Sep 17 23:21:09 2012] [error] [client 24.22.185.91] Access denied with code 403 (phase 2). Pattern match "(< ((img iframe) src a href) (ogg|gopher|(ht|f)tps):/alert (< ((java|vb)script|applet|activex|chrome) >|" > |< /iframe|%env)" at ARGS:customized.
[id "340148"]
[msg "Atomicorp.com WAF Rules: Cross Site Scripting Attack"]
[severity "CRITICAL"] [hostname "agenciaempleadasdomesticas.com"] "
I contacted the people that sold me the Netix WP theme at WebfactoryLtd but they said
"Theme customizer is a built-in WP feature used on tens of thousands of servers and I've never heard of it triggering a firewall rule. Yes, it uses iframes but it's a plain iframe, nothing special."
You can see how the customizer works here:
http://netix-wp.webfactoryltd.com/
I imagine asking for a rule exception is not so safe, so I was wondering if someone here could help me out?
Thank you!
iframe triggering 340148
- mikeshinn
- Atomicorp Staff - Site Admin
Re: iframe triggering 340148
Sorry to hear about this. We can resolve this for you, but we need a little more information. We need to see the audit record; please see the URL below for instructions about how to report a false positive:
https://www.atomicorp.com/wiki/index.ph ... _Positives
If you do not have access to your system's audit records, can you ask your hosting company to submit this to us as a false positive for you?
Michael Shinn
Atomicorp - Security For Everyone
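For whoever has access to the server's logs, one way to pull out the audit record requested above for rule 340148, as an added example that is not part of the thread or Atomicorp's own tooling. It assumes the ModSecurity 2.x serial audit-log layout; the sample log, request paths, addresses and function names are constructed for illustration.

```python
import re

# Section boundary in a ModSecurity 2.x serial audit log: --<8 hex>-<letter>--
BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")

# Constructed sample: two transactions, only the first one hit rule 340148.
SAMPLE_LOG = """\
--1a2b3c4d-A--
[17/Sep/2012:23:21:09 +0000] CONSTRUCTED-ID-0001 203.0.113.7 51234 192.0.2.10 80
--1a2b3c4d-B--
POST /example-customizer-endpoint HTTP/1.1
--1a2b3c4d-C--
customized=<constructed body>
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:customized. [id "340148"]
--1a2b3c4d-Z--
--5e6f7a8b-A--
[17/Sep/2012:23:22:40 +0000] CONSTRUCTED-ID-0002 203.0.113.7 51240 192.0.2.10 80
--5e6f7a8b-B--
GET /index.php HTTP/1.1
--5e6f7a8b-H--
Message: Warning. Constructed entry. [id "999999"]
--5e6f7a8b-Z--
"""

def split_transactions(text):
    """Return one {section_letter: section_text} dict per logged transaction."""
    transactions, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":          # section A opens a new transaction
                current = {}
                transactions.append(current)
            if current is not None:
                current.setdefault(section, [])
        elif current is not None:       # skip lines of a truncated leading entry
            current[section].append(line)
    return [{k: "\n".join(v) for k, v in t.items()} for t in transactions]

def records_for_rule(text, rule_id):
    """Keep only transactions whose section H (messages) names the rule id."""
    needle = '[id "%s"]' % rule_id
    return [t for t in split_transactions(text) if needle in t.get("H", "")]

def matched_targets(record):
    # The variable the rule matched on, e.g. ARGS:customized
    return re.findall(r" at ([A-Z_]+(?::[^.\s]+)?)\.", record.get("H", ""))
```

The matched target is what tells the rule maintainer which request parameter the false-positive fix has to cover.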