Control Web Panel
Security => Mod_Security => Topic started by: anandmys on September 01, 2020, 09:26:14 AM
-
[Tue Sep 01 11:19:15.874034 2020] [:error] [pid 9479:tid 140529090119424] [client 103.254.128.138:44756] [client 103.254.128.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 30)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "hosting.siteurl.in"] [uri "/roundcube/"] [unique_id "X04SE88kQmL3N7OFlphB2wAAANA"], referer: https://hosting.siteurl.in/roundcube/?_task=mail&_action=compose&_id=12342351165f4e1207b5e66
When I forward a few HTML emails, I get the above error.
I have even deactivated the mod security for the client account.
Please help me fix this.
-
Mod_security is used for a very good reason: WAF! Disable at your own peril.
Actually read the error message; it does help.
Just use the GUI to disable the rule identified by [id "949110"] - easy.
-
Thank you. But the moment I add and save this id in disabled rules, Apache is crashing:
Sep 01 14:15:46 hosting.siteurl.in apachectl[13000]: AH00526: Syntax error on line 2 of /usr/local/apache/modsecurity-owasp-latest/global_disabled_rules.conf:
Sep 01 14:15:46 hosting.siteurl.in apachectl[13000]: Invalid command '949110', perhaps misspelled or defined by a module not included in the server configuration
Sep 01 14:15:46 hosting.siteurl.in systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 01 14:15:46 hosting.siteurl.in systemd[1]: Failed to start Web server Apache.
-
Resolved. Thank you
I added
SecRuleRemoveById 949110
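-
Added example, not part of the thread: the log entry above comes from REQUEST-949-BLOCKING-EVALUATION.conf, where rule 949110 only compares TX:anomaly_score with the threshold, so the rules that actually matched the forwarded email are logged as separate entries sharing the same unique_id. The Python below groups a ModSecurity error log by unique_id to list those rules; the sample log lines, client IP, hostname and transaction ids are constructed for illustration.

```python
import re
from collections import defaultdict

# CRS rule that only checks the accumulated anomaly score against the threshold.
BLOCKING_EVAL_ID = "949110"
# Matches the [key "value"] fields ModSecurity appends to each error-log entry.
FIELD = re.compile(r'\[(id|msg|uri|unique_id) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample in the Apache 2.4 / ModSecurity v2 error-log layout.
# SAMPLE-TXN-1 is blocked; SAMPLE-TXN-2 only raises a warning.
SAMPLE_LOG = """\
[Tue Sep 01 11:19:15.870000 2020] [:error] [pid 1:tid 2] [client 192.0.2.10:44756] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/roundcube/"] [unique_id "SAMPLE-TXN-1"]
[Tue Sep 01 11:19:15.871000 2020] [:error] [pid 1:tid 2] [client 192.0.2.10:44756] ModSecurity: Warning. Pattern match at ARGS:_message. [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [hostname "example.test"] [uri "/roundcube/"] [unique_id "SAMPLE-TXN-1"]
[Tue Sep 01 11:19:15.874000 2020] [:error] [pid 1:tid 2] [client 192.0.2.10:44756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [hostname "example.test"] [uri "/roundcube/"] [unique_id "SAMPLE-TXN-1"]
[Tue Sep 01 11:20:02.100000 2020] [:error] [pid 1:tid 3] [client 192.0.2.11:50100] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.1"] [uri "/"] [unique_id "SAMPLE-TXN-2"]
"""

def parse_line(line):
    """Return the id/msg/uri/unique_id fields of one entry, or None if absent."""
    fields = dict(FIELD.findall(line))
    return fields if "id" in fields and "unique_id" in fields else None

def contributing_rules(log_text):
    """Map each blocked transaction's unique_id to the (rule id, msg) pairs
    that raised its anomaly score, excluding the blocking rule itself."""
    by_txn = defaultdict(list)
    blocked = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        if fields["id"] == BLOCKING_EVAL_ID:
            blocked.append(fields["unique_id"])
        else:
            by_txn[fields["unique_id"]].append((fields["id"], fields.get("msg", "")))
    return {uid: by_txn[uid] for uid in blocked}

if __name__ == "__main__":
    for uid, rules in contributing_rules(SAMPLE_LOG).items():
        print(uid)
        for rule_id, msg in rules:
            print(f"  {rule_id}  {msg}")
```

The ids it reports are the ones to look at when deciding on an exclusion narrower than removing 949110, which turns off inbound anomaly blocking wherever the directive applies.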