
rule id 340162

Posted: Wed Nov 29, 2017 1:49 pm
by grvoice
Hello,

We have bought a plugin for our e-shop which communicates with Google Firebase to show a pop-up notification (accept YES/NO) to the user in order to get notifications for our e-shop while he isn't in it (through Chrome).

We have enabled the fail2ban module in Plesk and the plesk-modsecurity jail too.

The problem is that when we browse our e-shop (and every user), after the max retries of the plesk-modsecurity jail the user is banned.

Below you can see the error from the Apache log. The result is that the plugin doesn't work and the user is also banned. Can you please help find a solution for this error without needing to disable rule id 340162, in order to be secure?

[client XX.XX.XX.XX] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "179"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [hostname "www.domain.com.gr"] [uri "/index.php"] [unique_id "Wh34QRnFLoVvc2Vk2BCdQwAAAZY"], referer: https://www.domain.com.gr/

Regards