Recent Posts
1
Mod_Security / Re: issues while switching from comodo waf to OWASP latest waf
« Last post by overseer on Today at 12:56:56 AM »Comodo's WAF ruleset is dead -- it hasn't been updated in a year and a half. Try the OWASP Old style ruleset, but follow Starburst's guide here how to update Mod Security to the latest compatible version and the ruleset to the latest version:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-12-running-cwp-and-apache-on-almalinux-9/
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-9/
(tested on AlmaLinux 8 and 9)
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-12-running-cwp-and-apache-on-almalinux-9/
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-9/
(tested on AlmaLinux 8 and 9)
2
Mod_Security / issues while switching from comodo waf to OWASP latest waf
« Last post by zeejdeej on Today at 12:33:20 AM »hello,
when i select OWASP latest waf rules for mod security it only shows warning for threats seen in logs below , but when i choose comodo waf rules it blocks threats straight away ? where i can set OWASP rules to not only detect threats and give warning but blocks straight away ? where is this settings?
see the logs below :-
[Tue Sep 02 02:16:30.470800 2025] [:error] [pid 3863547:tid 3863552] [client 172.68.242.3:46086] [client 172.68.242.3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||bedrive.sws.net.pk|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?test=%2Fetc%2Fhost"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bedrive.sws.net.pk"] [uri "/"] [unique_id "aLY3Xq8tK4SCYBVQOmR2VAAAAMM"]
[Tue Sep 02 02:05:50.982678 2025] [:error] [pid 3863547:tid 3863573] [client 172.71.124.61:61906] [client 172.71.124.61] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||bedrive.sws.net.pk|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?test=%2Fetc%2Fhost"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bedrive.sws.net.pk"] [uri "/"] [unique_id "aLY03q8tK4SCYBVQOmR1sgAAANg"]
[Tue Sep 02 02:04:17.831963 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_session. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =1|| found within REQUEST_COOKIES:sbjs_session: pgs=1|||cpg=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831915 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_udata. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =1|| found within REQUEST_COOKIES:sbjs_udata: vst=1|||uip=(none)|||uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831837 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_first. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =typein|| found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831787 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_current. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =typein|| found within REQUEST_COOKIES:sbjs_current: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831733 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_first_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =2025-09- found within REQUEST_COOKIES:sbjs_first_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831671 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =2025-09- found within REQUEST_COOKIES:sbjs_current_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831585 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:cf_clearance. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: -1756771434-1.2.1.1- found within REQUEST_COOKIES:cf_clearance: E4AZPOvWWFn9LaMl2sMYYsLsva7GlacW0uTj4ygxzpM-1756771434-1.2.1.1-fQtJQaEGGv_DFtXO7FTSU22Ad_KLVssWMNrweQ85LktxYvfqYPHaniQWL1yjQ9_rCVQXnD9b3gVBRk_UTN5o2B_8uiXoLlRQO5q.SWPn_wm.t.zD2Of_OYECae16l67oovKxUR7b6XMbK.b3cqZfPuobsZM..sm5qaWvzSLSc5vwFFLbw_LrqKnx8Z.XrgKHj4Ge7HZC6V4EpW9hYkSncup0fsahDpc9XzNdUYg3.qc"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/100 [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831472 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_session. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =1|||cpg=https://bedrive.sws.net.pk/?foo=http% found within REQUEST_COOKIES:sbjs_session: pgs=1|||cpg=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831412 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_udata. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded ("] [data "Matched Data: =1|||uip=(none)| found within REQUEST_COOKIES:sbjs_udata: vst=1|||uip=(none)|||uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831352 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_first. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded ("] [data "Matched Data: =typein|||src=(direct)| found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831302 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_current. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded ("] [data "Matched Data: =typein|||src=(direct)| found within REQUEST_COOKIES:sbjs_current: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831227 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_first_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded ("] [data "Matched Data: =2025-09-02 00:04:12||| found within REQUEST_COOKIES:sbjs_first_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831109 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded ("] [data "Matched Data: =2025-09-02 00:04:12||| found within REQUEST_COOKIES:sbjs_current_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
when i select OWASP latest waf rules for mod security it only shows warning for threats seen in logs below , but when i choose comodo waf rules it blocks threats straight away ? where i can set OWASP rules to not only detect threats and give warning but blocks straight away ? where is this settings?
see the logs below :-
[Tue Sep 02 02:16:30.470800 2025] [:error] [pid 3863547:tid 3863552] [client 172.68.242.3:46086] [client 172.68.242.3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||bedrive.sws.net.pk|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?test=%2Fetc%2Fhost"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bedrive.sws.net.pk"] [uri "/"] [unique_id "aLY3Xq8tK4SCYBVQOmR2VAAAAMM"]
[Tue Sep 02 02:05:50.982678 2025] [:error] [pid 3863547:tid 3863573] [client 172.71.124.61:61906] [client 172.71.124.61] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||bedrive.sws.net.pk|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?test=%2Fetc%2Fhost"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bedrive.sws.net.pk"] [uri "/"] [unique_id "aLY03q8tK4SCYBVQOmR1sgAAANg"]
[Tue Sep 02 02:04:17.831963 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_session. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =1|| found within REQUEST_COOKIES:sbjs_session: pgs=1|||cpg=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831915 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_udata. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =1|| found within REQUEST_COOKIES:sbjs_udata: vst=1|||uip=(none)|||uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831837 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_first. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =typein|| found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831787 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_current. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =typein|| found within REQUEST_COOKIES:sbjs_current: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831733 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_first_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =2025-09- found within REQUEST_COOKIES:sbjs_first_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831671 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: =2025-09- found within REQUEST_COOKIES:sbjs_current_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/4"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831585 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){3})" at REQUEST_COOKIES:cf_clearance. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1560"] [id "942421"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"] [data "Matched Data: -1756771434-1.2.1.1- found within REQUEST_COOKIES:cf_clearance: E4AZPOvWWFn9LaMl2sMYYsLsva7GlacW0uTj4ygxzpM-1756771434-1.2.1.1-fQtJQaEGGv_DFtXO7FTSU22Ad_KLVssWMNrweQ85LktxYvfqYPHaniQWL1yjQ9_rCVQXnD9b3gVBRk_UTN5o2B_8uiXoLlRQO5q.SWPn_wm.t.zD2Of_OYECae16l67oovKxUR7b6XMbK.b3cqZfPuobsZM..sm5qaWvzSLSc5vwFFLbw_LrqKnx8Z.XrgKHj4Ge7HZC6V4EpW9hYkSncup0fsahDpc9XzNdUYg3.qc"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/100 [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com
[Tue Sep 02 02:04:17.831472 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_session. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =1|||cpg=https://bedrive.sws.net.pk/?foo=http% found within REQUEST_COOKIES:sbjs_session: pgs=1|||cpg=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com[Tue Sep 02 02:04:17.831412 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_udata. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =1|||uip=(none)| found within REQUEST_COOKIES:sbjs_udata: vst=1|||uip=(none)|||uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com[Tue Sep 02 02:04:17.831352 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_first. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =typein|||src=(direct)| found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com[Tue Sep 02 02:04:17.831302 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_current. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =typein|||src=(direct)| found within REQUEST_COOKIES:sbjs_current: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com[Tue Sep 02 02:04:17.831227 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_first_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =2025-09-02 00:04:12||| found within REQUEST_COOKIES:sbjs_first_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com[Tue Sep 02 02:04:17.831109 2025] [:error] [pid 3862841:tid 3862843] [client 172.71.82.121:44854] [client 172.71.82.121] ModSecurity: Warning. Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1384"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (
"] [data "Matched Data: =2025-09-02 00:04:12||| found within REQUEST_COOKIES:sbjs_current_add: fd=2025-09-02 00:04:12|||ep=https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com|||rf=(none)"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/3"] [hostname "bedrive.sws.net.pk"] [uri "/wp-content/uploads/2023/05/spa-girl-5.png"] [unique_id "aLY0gUYRr8i8nLke5Yyl5wAAAMA"], referer: https://bedrive.sws.net.pk/?foo=http%3A%2F%2Fwww.example.com3
CentOS 9 Problems / Re: EL9 recent update casusing boot issue
« Last post by Starburst on September 01, 2025, 10:29:11 PM »CWP has Nothing to do with the boot sequence.
That is an OS related issue, and not surprising with a beta OS.
If you switch to a stable OS like AlmaLinux, and get off CentOS Stream you will have less problems.
As @overseer mentioned, CWP is CWP, whether it's on AlmaLinux 8 or 9. There is no difference.
That is an OS related issue, and not surprising with a beta OS.
If you switch to a stable OS like AlmaLinux, and get off CentOS Stream you will have less problems.
As @overseer mentioned, CWP is CWP, whether it's on AlmaLinux 8 or 9. There is no difference.
4
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by Starburst on September 01, 2025, 10:23:03 PM »The main conf file.
Usually - /usr/local/apache/conf.d/mod_security.conf
This will have the .conf that contains all the paths - /usr/local/apache/modsecurity-rules/modsec.conf
But the .conf can be called anything.
In that .conf file it will have the Includes, below is just an Example.
Include /usr/local/apache/modsecurity-rules/custom-rules/startup/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-1.23.4/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/before/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-1.23.4/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/after/*.conf
Usually - /usr/local/apache/conf.d/mod_security.conf
This will have the .conf that contains all the paths - /usr/local/apache/modsecurity-rules/modsec.conf
But the .conf can be called anything.
In that .conf file it will have the Includes, below is just an Example.
Include /usr/local/apache/modsecurity-rules/custom-rules/startup/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-1.23.4/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/before/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-1.23.4/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/after/*.conf
5
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by Starburst on September 01, 2025, 07:38:53 PM »You can Google the fix, it's a standard PHP Injection Attack due to an insure PHP configuration.
It also only affects people still using the EOL CentOS 7 OS.
But I think someone posted the fix here in one of the threads as well.
It also only affects people still using the EOL CentOS 7 OS.
But I think someone posted the fix here in one of the threads as well.
6
CentOS-WebPanel Bugs / Re: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ
« Last post by eyong on September 01, 2025, 06:22:19 PM »Same problem here, someone fixed it?
7
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by venty on September 01, 2025, 05:49:54 PM »If you're calling it with an "Include" line as with Starburst's configuration, it will be utilized by Mod Security. But the GUI in CWP will be editing a different file:
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
So you may want to Include that one specifically/additionally as well.
I didn't understand it... "Include" - in which file?
8
CentOS 9 Problems / Re: EL9 recent update casusing boot issue
« Last post by overseer on September 01, 2025, 05:29:34 PM »Was it a CWP or CentOS 9 Stream update that triggered your issue? There is no specific EL9 version of CWP -- the codebase is the same for EL8 or EL9. But CWP is still officially only in beta for EL9 -- so EL8 releases (AlmaLinux or Rocky Linux) offer the broadest compatibility. And CentOS 7 is EOL, so we won't even talk about it anymore (R.I.P.).
9
CentOS 9 Problems / Re: EL9 recent update casusing boot issue
« Last post by sETu on September 01, 2025, 05:19:27 PM »the issue with CWP EL9 recent version update. i tried with recovery mode but unfortunately lost my storage. purchased new storage and restore my backup. but after update again it crashed but this time it did not effect my storage.
again restoring my back but this time i am not going to update the CWP EL9 version.
again restoring my back but this time i am not going to update the CWP EL9 version.
10
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by overseer on September 01, 2025, 05:15:10 PM »If you're calling it with an "Include" line as with Starburst's configuration, it will be utilized by Mod Security. But the GUI in CWP will be editing a different file:
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
So you may want to Include that one specifically/additionally as well.
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
So you may want to Include that one specifically/additionally as well.
