I have my application hosted at Alphamegahosting.
Recently they have upgraded their security layer and now I am dealing with problems I am not able to solve.
On my webpage I use CDKEDITOR to let the user fill in some content and submit it.
I get the following message in my error log:
[Fri Jan 08 14:26:59 2016] [error] [client 62.195.103.165] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:bericht4" required. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "309"] [id "350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] [hostname "www.itclubsupport.nl"] [uri "/clubsupport/programmatuur/INGELOGD/LOGIN overzicht/LOGIN php/LOGIN webmaster/LOGIN beheren formulieren/LOGIN voeg formulier toe in tabel.php"] [unique_id "Vo@5I1ZtCwEAARujn3UAAAAD"]
When a user enters "hello", then Enter (next sentence) and then "hello" again, it works fine.
However, when instead of 1 Enter the user puts 2 Enters, I get error 403 with the above message.
Does anybody have a clue how to solve this?
[line "309"] [id "350147"]
Re: [line "309"] [id "350147"]
You should probably contact your hosting provider if you want this resolved. They can change or disable the mod_security rule for your web application.
The rule in question is part of the 'basic' rule set created by Atomicorp and distributed by Plesk (http://www.plesk.com). Your hosting provider is using the Plesk control panel to manage their web server security settings and chose to use the free Atomicorp basic rule set. I highly doubt that Atomicorp will adjust their rules based on this report.
Lemonbit Internet Dedicated Server Management
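As an added example (not part of the original posts, and not Atomicorp's or Plesk's own configuration): what a host-side exception for this rule could look like in ModSecurity 2.x on Apache, kept to the one parameter or script from the log entry instead of disabling the rule site-wide. The rule id, parameter name and URI are taken from the log line above; where the directives are placed is an assumption, and which option takes effect depends on how the vendor rule is written, which the page does not show.

```apache
# Added example. These directives only affect rules that are already
# defined, so they must be loaded AFTER 50_plesk_basic_asl_rules.conf.
# Placement (vhost config or a later-sorted include) is an assumption.
<IfModule security2_module>
    # Option 1 (narrowest): stop rule 350147 from inspecting only the
    # editor field named in the log; every other parameter stays covered.
    SecRuleUpdateTargetById 350147 "!ARGS:bericht4"

    # Option 2: if the target update does not take effect for this rule,
    # remove the rule for the single script that receives the form post.
    # <Location "/clubsupport/programmatuur/INGELOGD/LOGIN overzicht/LOGIN php/LOGIN webmaster/LOGIN beheren formulieren/LOGIN voeg formulier toe in tabel.php">
    #     SecRuleRemoveById 350147
    # </Location>
</IfModule>
```

After reloading Apache, resubmitting the form with two line breaks should no longer log id 350147 for that request, while other requests to the site can still trigger the rule.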