• Saving an event violates a specific rule of Atomicorp in the ModSecurity Web Application Firewall which is shipped with Plesk Panel. Perhaps you can improve the code.

    [client ...] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "319"] [id "33340465"] [rev "56"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:event_contactperson_email_body" required. [hostname "..."] [uri "/wp-admin/admin.php"] [unique_id "X4W6A6eUEgec32fBIRj2GwAAAAQ"], referer: https://.../wp-admin/admin.php?page=eme-manager&eme_admin_action=edit_event&event_id=758
    
  • Plugin Author Franky

    (@liedekef)

    I’m unsure as to why a POST to admin.php would fail on the argument event_contactperson_email_body. If mod_security checks the content of that and that contains the mentioned text “rx ://%{SERVER_NAME}/” (I guess that’s a regex for the servername), then:
    – it is logical that you include a URL to your server in an email
    – so maybe the event* arguments need to be excluded in your mod_security rules.
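
The exclusion suggested in the reply above, as an added example that is not part of the thread or of the plugin: it parses the denial line from the original post and emits a ModSecurity 2.x runtime exclusion limited to that rule, that argument and that script. The local rule id `1000001` is a placeholder assumption, and where custom directives belong in a Plesk/Atomicorp install is not covered here.

```python
import re

# The error-log entry quoted in the thread, cut down to the fields used here.
SAMPLE = (
    '[client ...] ModSecurity: [line "319"] [id "33340465"] [rev "56"] '
    '[severity "CRITICAL"] Access denied with code 403 (phase 2). '
    'Match of "rx ://%{SERVER_NAME}/" against '
    '"ARGS:event_contactperson_email_body" required. [hostname "..."] '
    '[uri "/wp-admin/admin.php"]'
)

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# "Match of ... required." is how ModSecurity 2.x words a hit on a rule
# whose operator is negated.
NEGATED = re.compile(r'Match of "(.*?)" against "([^"]+)" required\.')
# Argument names and URIs come from the request, so only plain ones are
# allowed into generated configuration.
SAFE_TARGET = re.compile(r'[A-Z_]+:[A-Za-z0-9_.\-]+')
SAFE_URI = re.compile(r'/[A-Za-z0-9_./\-]*')


def parse_denial(line):
    """Return rule id, URI, operator and matched variable, or None."""
    fields = dict(FIELD.findall(line))
    m = NEGATED.search(line)
    if "ModSecurity:" not in line or not m or not fields.get("id", "").isdigit():
        return None
    return {"id": fields["id"], "uri": fields.get("uri", ""),
            "operator": m.group(1), "target": m.group(2)}


def exclusion_for(denial, local_id=1000001):
    """Build a rule that drops one variable from one rule on one script."""
    # local_id is a placeholder; use an id from your own reserved range.
    if not (SAFE_TARGET.fullmatch(denial["target"])
            and SAFE_URI.fullmatch(denial["uri"])):
        raise ValueError("unexpected characters in log-derived values")
    return (f'SecRule REQUEST_FILENAME "@streq {denial["uri"]}" '
            f'"id:{local_id},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={denial["id"]};{denial["target"]}"')


if __name__ == "__main__":
    print(exclusion_for(parse_denial(SAMPLE)))
```

Because the generated rule runs in phase 1, it takes effect before the phase 2 rule from the log is evaluated, and every other argument sent to admin.php stays covered by rule 33340465.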

The topic ‘Saving event violates WAF’ is closed to new replies.