Mod Security Blocking jQuery.cookie.js in Drupal Installation

scielcoi

Registered
Feb 11, 2011
I installed Drupal and am not able to access the site www.scientificinternational.co.in. My web host gave me the logs, which say:

Code:
[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.scientificinternational.co.in"] [uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]
I am sure people might have come across this issue.

Please help me override this.
 

Cindu

Well-Known Member
Feb 7, 2011
Hello,

You can ask your host to disable mod_security for the domain, or they can always disable the particular pattern for the domain.
Cheers!
 

cPanelJamyn

Social Engineer
Staff member
Jan 29, 2009
Code:
[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.scientificinternational.co.in"] [uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]
The error message indicates rule #950004 is triggering for the URL /misc/jquery.cookie.js.
Your host should be able to add the following to any of the EasyApache include files (ex: pre_virtualhost_global.conf or one specific to your domain). It should disable rule 950004 for the URL '/misc/jquery.cookie.js'.

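Code:
# Anchored pattern with escaped dots: matches only this exact path
<LocationMatch "^/misc/jquery\.cookie\.js$">
  <IfModule mod_security2.c>
    # Remove only rule 950004 here; every other rule stays active
    SecRuleRemoveById 950004
    # Broader alternative, left disabled: turns ModSecurity off for this path
    # SecRuleEngine Off
  </IfModule>
</LocationMatch>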
You can't add <LocationMatch> to an .htaccess file, so it'll need to be in an include.
 
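Added example, not part of the original posts or cPanel's own tooling: a small Python helper that reads a ModSecurity denial line like the one in this thread, pulls out the rule id, matched variable and URI, and emits a per-path exclusion that removes only that rule for that exact file. The function names are hypothetical and the sample line is the thread's log entry with the rule regex shortened to "...".

```python
import re

# Constructed sample: the denial from the thread, rule regex shortened to "...".
SAMPLE = (
    '[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: '
    'Access denied with code 406 (phase 2). Pattern match "..." at '
    'REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] '
    '[line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] '
    '[data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] '
    '[hostname "www.scientificinternational.co.in"] '
    '[uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]'
)

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
TARGET = re.compile(r'" at ([A-Z_]+(?::\w+)?)')         # variable that matched
REGEX_META = re.compile(r'([.^$*+?()\[\]{}|\\])')       # chars to escape


def parse_denial(line):
    """Return the fields needed to scope an exclusion, or None if not ModSecurity."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    target = TARGET.search(line)
    return {
        "id": fields.get("id"),
        "uri": fields.get("uri"),
        "data": fields.get("data"),
        "target": target.group(1) if target else None,
    }


def scoped_exclusion(event):
    """Build a LocationMatch block removing one rule for one exact path."""
    rule_id, uri = event["id"], event["uri"]
    if not (rule_id and rule_id.isdigit()):
        raise ValueError("log line has no numeric rule id")
    # Only plain path characters are accepted, so nothing from the log
    # can break out of the quoted pattern or widen the match.
    if not uri or not re.fullmatch(r'/[\w./~%-]*', uri):
        raise ValueError("refusing to build a pattern from this URI")
    pattern = "^" + REGEX_META.sub(r'\\\1', uri) + "$"
    return (
        f'<LocationMatch "{pattern}">\n'
        '  <IfModule mod_security2.c>\n'
        f'    SecRuleRemoveById {rule_id}\n'
        '  </IfModule>\n'
        '</LocationMatch>\n'
    )


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

Here the matched variable is REQUEST_FILENAME and the matched data is ".cookie", so the rule fired on the static file's own name rather than on anything the client submitted, which is why a single-rule, single-path exclusion is enough.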