HTTP Response Splitting Attack – Access Denied | WordPress.org

Resolved TareqTujjar
(@tareqtujjar)

11 years, 9 months ago

Hello,

I am using mod_secure with my Apache server, and configured with the OWSA rules. When I go to Abandoned Carts –> Email Templates —> and Edit my Email template -> Update Changes, I get error 400. Log shows the following message:

ModSecurity: Access denied with code 400 (phase 2). Pattern match “(?:\\bhttp\\/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:woocommerce_ac_email_body. [file “/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf”] [line “213”] [id “950911”] [msg “HTTP Response Splitting Attack”] [data “<html”] [severity “ALERT”] [hostname “XXXXXXXX.com”] [uri “/wp-admin/admin.php”] [unique_id “XXXXXXXXXXXXXXXXX”]

For some reason mod_secure it thinking that this is a split html attack, any help?

Thanks

https://wordpress.org/plugins/woocommerce-abandoned-cart/

Viewing 1 replies (of 1 total)

bhavik.kiri
(@bhavikkiri)

11 years, 9 months ago

Hi,

This is the first time any client has reported such an issue, and from what we have been able to find online, it is more of a setting issue (with the host) and nothing to do with our plugin

So can you please get in touch with your hosting company to see if they can help fix the issue.

Thanks,
Bhavik Kiri

Viewing 1 replies (of 1 total)

The topic ‘HTTP Response Splitting Attack – Access Denied’ is closed to new replies.

1 reply
2 participants
Last reply from: bhavik.kiri
Last activity: 11 years, 9 months ago
Status: resolved