rule id 340162

Community support forums for the free/delayed modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the delayed modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
grvoice
New Forum User
Posts: 1
Joined: Wed Nov 29, 2017 1:31 pm
Location: Greece


Hello,

We have bought a plugin for our e-shop which communicates with Google Firebase to show a pop-up notification (accept YES/NO) to the user, so that he can get notifications from our e-shop while he isn't in it (through Chrome).

We have enabled the fail2ban module in Plesk, and the plesk-modsecurity jail too.

The problem is that when we (and every user) browse our e-shop, the user is banned after the max retries of the plesk-modsecurity jail.

Below you can see the error from the Apache log. The result is that the plugin doesn't work and the user is also banned. Can you please help us find a solution for this error without needing to disable rule id 340162, so that we stay secure?

[client XX.XX.XX.XX] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "179"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [hostname "www.domain.com.gr"] [uri "/index.php"] [unique_id "Wh34QRnFLoVvc2Vk2BCdQwAAAZY"], referer: https://www.domain.com.gr/

Regards