Author Topic: Mod Security issue? pid 2459:tid 140698774865664  (Read 2194 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Mod Security issue? pid 2459:tid 140698774865664
« on: December 07, 2022, 05:48:10 AM »
Hi,

I have an issue where I keep getting logged out of one of my sites, wondering if this is causing it?

I'm not sure what the error is, I did disable mod security for this subdomain.

[Sun Dec 04 06:07:02.797116 2022] [:error] [pid 2459:tid 140698774865664] [client 3.44.104.50:38650] [client 3.44.104.50] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:sec-ch-ua-mobile outside range: 32,34,38,42-59,61,65-90,95,97-122. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1522"] [id "920274"] [msg "Invalid character in request headers (outside of very strict set)"] [data "REQUEST_HEADERS:sec-ch-ua-mobile=?0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "paranoia-level/4"] [hostname "sub.domain.it"] [uri "/ad1/theme/theme.css"] [unique_id "Y4w5BtDf09272i5clVjrZQAAAJI"]

Any advice appreciated

Thanks

Offline
***
Re: Mod Security issue? pid 2459:tid 140698774865664
« Reply #1 on: December 07, 2022, 01:40:41 PM »
turn off/uninstall mod

Offline
*
Re: Mod Security issue? pid 2459:tid 140698774865664
« Reply #2 on: December 07, 2022, 03:28:10 PM »
I disabled mod security for that subdomain,
Do I need to turn it off for the whole main domain also?

I'll give it a try but i like to keep my sites as secure as I can.

Offline
****
Re: Mod Security issue? pid 2459:tid 140698774865664
« Reply #3 on: February 10, 2023, 07:41:15 AM »
You're using the OWASP ruleset. I would suggest trying the Comodo rules instead -- it will throw less false-positives; it's not as restrictive and is more beginner-friendly.

Offline
*
Re: Mod Security issue? pid 2459:tid 140698774865664
« Reply #4 on: February 10, 2023, 08:45:36 AM »
Thanks I'll try that next