Control Web Panel

Security => Mod_Security => Topic started by: CtrlTR on December 24, 2021, 05:56:32 PM

Title: ModSecurity - Google Social Login Conflict
Post by: CtrlTR on December 24, 2021, 05:56:32 PM
Hello Forum,
I'm encountering a ModSecurity issue on one of my websites.
My website is built with WordPress and has premium themes and plugins. I am getting this error because of ModSecurity on the Google social login link.

I've never had a problem with ModSecurity before and I've always used Comodo WAF rules actively; now I don't know what to do. If anyone can explain it step by step in its simplest form, I would be happy.
Can someone tell me exactly what I should do?
I don't want to turn off modsecurity.
Thanks in advance.


Code:
[Fri Dec 24 20:17:22.402321 2021] [:error] [pid 12737:tid 139702417987328] [client 88.250.77.19:50964] [client 88.250.77.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||piyons.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "piyons.com"] [uri "/"] [unique_id "YcYAoskwV5djLbZ8l9nztAAAAIs"], referer: https://accounts.google.com.tr/
[Fri Dec 24 18:27:28.756921 2021] [:error] [pid 12680:tid 139702392809216] [client 40.117.88.131:44626] [client 40.117.88.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "piyons.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "YcXm4C-jAcqDJzyFyCUNHQAAAE4"]
[Fri Dec 24 16:37:57.172353 2021] [:error] [pid 12681:tid 139702367631104] [client 209.159.152.105:38092] [client 209.159.152.105] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.159.152.105 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcXNNccOeIH92OCKz2zvvAAAANE"]
[Fri Dec 24 16:37:51.759860 2021] [:error] [pid 13147:tid 139702556350208] [client 207.180.204.135:38046] [client 207.180.204.135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "piyons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "YcXNL9LcgVYD8uKXiJ0JSAAAAAM"]
[Fri Dec 24 15:23:47.907405 2021] [:error] [pid 13147:tid 139702325667584] [client 143.198.159.180:33752] [client 143.198.159.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 143.198.159.180 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--gAAABY"]
[Fri Dec 24 15:23:47.138734 2021] [:error] [pid 13147:tid 139702376023808] [client 143.198.159.180:33748] [client 143.198.159.180] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--QAAABA"]
[Fri Dec 24 15:23:47.137496 2021] [:error] [pid 13147:tid 139702376023808] [client 143.198.159.180:33748] [client 143.198.159.180] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--QAAABA"]
[Fri Dec 24 15:23:44.876348 2021] [:error] [pid 12680:tid 139702417987328] [client 143.198.159.180:33728] [client 143.198.159.180] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70C-jAcqDJzyFyCUKEwAAAEs"]
[Fri Dec 24 15:23:44.874794 2021] [:error] [pid 12680:tid 139702417987328] [client 143.198.159.180:33728] [client 143.198.159.180] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70C-jAcqDJzyFyCUKEwAAAEs"]
[Fri Dec 24 15:23:44.061437 2021] [:error] [pid 13147:tid 139702384416512] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70NLcgVYD8uKXiJ3-9QAAAA8"]
[Fri Dec 24 15:23:44.056242 2021] [:error] [pid 13147:tid 139702384416512] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70NLcgVYD8uKXiJ3-9QAAAA8"]
[Fri Dec 24 15:23:42.665104 2021] [:error] [pid 13147:tid 139702426380032] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "piyons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "YcW7ztLcgVYD8uKXiJ3-8wAAAAo"]
[Fri Dec 24 12:13:29.461312 2021] [:error] [pid 13147:tid 139702401201920] [client 88.250.77.19:50462] [client 88.250.77.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||piyons.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "piyons.com"] [uri "/"] [unique_id "YcWPOdLcgVYD8uKXiJ3h6gAAAA0"], referer: https://piyons.com/
[Fri Dec 24 11:52:20.211321 2021] [:error] [pid 13147:tid 139702384416512] [client 147.182.224.190:49112] [client 147.182.224.190] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 147.182.224.190 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKRNLcgVYD8uKXiJ3ehwAAAA8"]
[Fri Dec 24 11:52:19.361272 2021] [:error] [pid 12737:tid 139702350845696] [client 147.182.224.190:49108] [client 147.182.224.190] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQ8kwV5djLbZ8l9nMqwAAAJM"]
[Fri Dec 24 11:52:19.360003 2021] [:error] [pid 12737:tid 139702350845696] [client 147.182.224.190:49108] [client 147.182.224.190] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQ8kwV5djLbZ8l9nMqwAAAJM"]
[Fri Dec 24 11:52:16.970719 2021] [:error] [pid 13147:tid 139702443165440] [client 147.182.224.190:49092] [client 147.182.224.190] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3eggAAAAg"]
[Fri Dec 24 11:52:16.968977 2021] [:error] [pid 13147:tid 139702443165440] [client 147.182.224.190:49092] [client 147.182.224.190] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3eggAAAAg"]
[Fri Dec 24 11:52:16.086914 2021] [:error] [pid 13147:tid 139702468343552] [client 207.180.204.135:49074] [client 207.180.204.135] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3egAAAAAU"]
[Fri Dec 24 11:52:16.083164 2021] [:error] [pid 13147:tid 139702468343552] [client 207.180.204.135:49074] [client 207.180.204.135] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3egAAAAAU"]

Title: Re: ModSecurity - Google Social Login Conflict
Post by: studio4host on December 24, 2021, 09:54:53 PM
That is why you have the mod_security module in CWP, where you can whitelist the rules you need per domain or globally... as usual, per domain is recommended.
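
Added example, not part of either post and not CWP's own code: a small Python triage script that reads ModSecurity error-log lines in the format posted above, keeps only the "Access denied" events, and proposes an exclusion only when a rule matched a single named argument (as rule 210580 did on `ARGS:scope`), leaving blocks on `IP`, `REQUEST_FILENAME` and similar for manual review. The sample lines are constructed (shortened, with placeholder host and addresses); `SecRuleUpdateTargetById` is a standard ModSecurity v2 directive, and placing it in the affected domain's configuration after the CWAF rules are loaded is an assumption, since the page does not show how CWP's module stores whitelists.

```python
import re
from collections import Counter

# Constructed sample: three lines shortened from the log format in the first post
# (hostname and client addresses are placeholders).
SAMPLE_LOG = r'''
[Fri Dec 24 20:17:22 2021] [:error] [client 192.0.2.10:50964] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [msg "COMODO WAF: OS File Access Attempt||example.test|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid"] [hostname "example.test"] [uri "/"]
[Fri Dec 24 16:37:57 2021] [:error] [client 192.0.2.20:38092] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)||example.test|F|2"] [hostname "example.test"] [uri "/xmlrpc.php"]
[Fri Dec 24 15:23:47 2021] [:error] [client 192.0.2.20:33748] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [hostname "example.test"] [uri "/xmlrpc.php"]
'''

# [key "value"] pairs such as [id "210580"]; escaped quotes inside values are allowed.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The variable the rule matched on, e.g. "... at ARGS:scope. [file ...".
DENIED = re.compile(r'Access denied with code (\d+).*? at (\S+?)\.\s+\[')

def blocked_events(log_text):
    """Return one dict per 'Access denied' line; warnings are skipped."""
    events = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        f = dict(FIELD.findall(line))
        events.append({"id": f.get("id"), "target": m.group(2),
                       "host": f.get("hostname"), "uri": f.get("uri"),
                       "msg": f.get("msg", "").split("|")[0]})
    return events

def summarize(events):
    """Count blocks per (host, rule id, matched variable)."""
    return Counter((e["host"], e["id"], e["target"]) for e in events)

def narrow_exclusion(event):
    """Suggest an exclusion only when the rule matched one named argument.
    Anything else (IP, REQUEST_FILENAME, ...) is left for manual review."""
    if re.fullmatch(r"ARGS:[\w.\-]+", event["target"] or ""):
        return 'SecRuleUpdateTargetById %s "!%s"' % (event["id"], event["target"])
    return None

if __name__ == "__main__":
    for ev in blocked_events(SAMPLE_LOG):
        print(ev["host"], ev["id"], ev["target"], ev["uri"], "->",
              narrow_exclusion(ev) or "review manually")
```

Excluding only `ARGS:scope` from rule 210580 keeps that rule active for every other parameter, and the rules that blocked the `/xmlrpc.php` and plugin requests stay untouched.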