The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod Security Blocking jQuery.cookie.js in Drupal Installation

Discussion in 'Security' started by scielcoi, Feb 11, 2011.

  1. scielcoi

    scielcoi Registered

    I installed Drupal and am not able to access the site www.scientificinternational.co.in. My web host gave me the logs, which say:

    Code:
    [Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.scientificinternational.co.in"] [uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]
    I am sure people might have come across this issue.

    Please help me override this.
     
  2. Cindu

    Cindu Well-Known Member

    Hello,

    You can ask your host to disable mod_security for the domain, or they can always disable the particular pattern for the domain.
    Cheers!
     
  3. cPanelJamyn

    cPanelJamyn Social Engineer
    Staff Member

    The error message indicates rule # 950004 is triggering for the URL /misc/jquery.cookie.js.
    Your host should be able to add the following to any of the EasyApache include files (e.g. pre_virtualhost_global.conf or one specific to your domain). It should disable rule 950004 for the URL '/misc/jquery.cookie.js'.

    Code:
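    <LocationMatch "^/misc/jquery\.cookie\.js$">
      <IfModule mod_security2.c>
        # Remove only rule 950004, and only for this exact path
        # (the regex is anchored and its dots are escaped).
        SecRuleRemoveById 950004
        # Broader alternative, left disabled: turn the engine off for this path.
        # SecRuleEngine Off
      </IfModule>
    </LocationMatch>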
    
    You can't add <LocationMatch> to an .htaccess file, so it'll need to be in an include.
     
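An added example, not part of the original thread and not cPanel's code: it parses the ModSecurity denial quoted in the first post and emits the same kind of per-URL `SecRuleRemoveById` exclusion that cPanelJamyn describes, with the path escaped and anchored. The function names and the abbreviated sample line are assumptions made for this illustration.

```python
import re

# Abbreviated from the log entry quoted in the thread (rule pattern shortened).
SAMPLE = (r'[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: '
          r'Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:type ..." '
          r'at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] '
          r'[line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] '
          r'[data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] '
          r'[hostname "www.scientificinternational.co.in"] '
          r'[uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]')

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
SAFE_URI = re.compile(r'/[A-Za-z0-9._~/-]*')            # plain path characters only


def parse_denial(line):
    """Return the [key "value"] fields of a ModSecurity 2.x denial plus the matched variable."""
    if "ModSecurity:" not in line:
        raise ValueError("not a ModSecurity log entry")
    event = dict(FIELD.findall(line))
    target = re.search(r'" at (\w+)', line)
    event["target"] = target.group(1) if target else None
    return event


def scoped_exclusion(event):
    """Build a SecRuleRemoveById block limited to the one URI named in the log entry."""
    rule_id, uri = event.get("id", ""), event.get("uri", "")
    if not re.fullmatch(r"[0-9]+", rule_id):
        raise ValueError("rule id must be numeric")
    # The URI is client-controlled; refuse anything that could break out of the directive.
    if not SAFE_URI.fullmatch(uri):
        raise ValueError("URI contains characters unsafe for a config file")
    pattern = "^" + re.escape(uri) + "$"   # exact path only, dots escaped
    return (f'<LocationMatch "{pattern}">\n'
            f'  <IfModule mod_security2.c>\n'
            f'    SecRuleRemoveById {rule_id}\n'
            f'  </IfModule>\n'
            f'</LocationMatch>\n')


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

The `target` field shows the rule matched on `REQUEST_FILENAME`, so the file name itself triggered the rule rather than any request payload, which is why an exclusion scoped to that one path is enough.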