[line "309"] [id "350147"]

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
jeroenisanders
New Forum User
New Forum User
Posts: 1
Joined: Fri Dec 04, 2015 3:52 am
Location: Amsterdam

[line "309"] [id "350147"]

Unread post by jeroenisanders »

I have my application hosted at Alphamegahosting.
Recently they have upgraded their security layer and now I am dealing with problems I am not able to solve.
On my webpage I use CDKEDITOR to let the user fill in some content and submit it.
I get next message in my error log:
[Fri Jan 08 14:26:59 2016] [error] [client 62.195.103.165] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:bericht4" required. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "309"] [id "350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] [hostname "www.itclubsupport.nl"] [uri "/clubsupport/programmatuur/INGELOGD/LOGIN overzicht/LOGIN php/LOGIN webmaster/LOGIN beheren formulieren/LOGIN voeg formulier toe in tabel.php"] [unique_id "Vo@5I1ZtCwEAARujn3UAAAAD"]

When a user enters "hello", then enter (next sentence) and than "hello" again it is working fine.
However when instead of 1 time enter, the user puts 2 enters I get error 403 with above message.

Does anybody have a glue how to solve this?
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: [line "309"] [id "350147"]

Unread post by prupert »

You should probably contact your hosting provider if you want this resolved. They can change or disable the mod_security rule for your web application.

The rule in question is part of the 'basic' rule set created by Atomicorp and distributed by Plesk (http://www.plesk.com). Your hosting provider is using the Plesk control panel to manage their web server security settings and choose to use the free Atomicorp basic rule set. I highly doubt that Atomicorp will adjust their rules based on this report.
Lemonbit Internet Dedicated Server Management
Post Reply