store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Aug 18, 2019 6:16 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: [line "309"] [id "350147"]
Unread postPosted: Fri Jan 08, 2016 9:47 am 
Offline
New Forum User
New Forum User

Joined: Fri Dec 04, 2015 3:52 am
Posts: 1
Location: Amsterdam
I have my application hosted at Alphamegahosting.
Recently they have upgraded their security layer and now I am dealing with problems I am not able to solve.
On my webpage I use CDKEDITOR to let the user fill in some content and submit it.
I get next message in my error log:
[Fri Jan 08 14:26:59 2016] [error] [client 62.195.103.165] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:bericht4" required. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "309"] [id "350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] [hostname "www.itclubsupport.nl"] [uri "/clubsupport/programmatuur/INGELOGD/LOGIN overzicht/LOGIN php/LOGIN webmaster/LOGIN beheren formulieren/LOGIN voeg formulier toe in tabel.php"] [unique_id "Vo@5I1ZtCwEAARujn3UAAAAD"]

When a user enters "hello", then enter (next sentence) and than "hello" again it is working fine.
However when instead of 1 time enter, the user puts 2 enters I get error 403 with above message.

Does anybody have a glue how to solve this?


Top
 Profile  
Reply with quote  
 Post subject: Re: [line "309"] [id "350147"]
Unread postPosted: Sun Jan 10, 2016 5:45 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Aug 01, 2006 2:45 pm
Posts: 573
Location: Netherlands
You should probably contact your hosting provider if you want this resolved. They can change or disable the mod_security rule for your web application.

The rule in question is part of the 'basic' rule set created by Atomicorp and distributed by Plesk (http://www.plesk.com). Your hosting provider is using the Plesk control panel to manage their web server security settings and choose to use the free Atomicorp basic rule set. I highly doubt that Atomicorp will adjust their rules based on this report.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group