Having problems with OWASP firewall rules in Plesk

  • Resolved David Perez

    (@davidperez)


    1 year, 6 months ago

    Hello, I’ve migrated webs to server with OWASP rules, and it’s getting these errors:
    [client XX.XX.XXX.XXX] ModSecurity: Warning. Pattern match "(?i:(?:^(?:[\\"'\\\\\\\\]*?(?:[^\\"']+[\\"']|[\\\\d\\"']+)\\\\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\\\\|\\\\||like|and|div|&&)\\\\s*?[\\\\w\\"'][+&!@(),.-]|.?[\\"']$)|\\\\@(?:[\\\\w-]+\\\\s(?:between|like|x?or|and|div)\\\\s*?[^\\\\w\\\\s]|\\\\w+\\\\s+(?:between|like|x?or|and|div)\\\\s* ..." at REQUEST_COOKIES:moove_gdpr_popup. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "845"] [id "942330"] [msg "Detects classic SQL injection probings 1/3"] [data "Matched Data: \\x221\\x22,\\x22t found within REQUEST_COOKIES:moove_gdpr_popup: {\\x22strict\\x22:\\x221\\x22,\\x22thirdparty\\x22:\\x221\\x22,\\x22advanced\\x22:\\x221\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "domain.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "xxxxxx"], referer: https://domain.com.com/url/
    How could we solve it?

    • This topic was modified 1 year, 6 months ago by David Perez.
    • This topic was modified 1 year, 6 months ago by David Perez.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Having problems with OWASP firewall rules in Plesk’ is closed to new replies.