Mod Security Blocking jQuery.cookie.js in Drupal Installation

S

scielcoi

Registered
Feb 11, 2011
1
0
51
I installed Drupal, and not able to access the site /www.scientificinternational.co.in. My webhost gave me the logs that says

Code: 
[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.scientificinternational.co.in"] [uri "/misc/jquery.cookie.js"] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]
I am sure, ppl might have come across this issue....

Please help me override this
 
C

Cindu

Well-Known Member
Feb 7, 2011
46
0
56
Hello,

You can ask your host to disable mod_security for the domain or they can always disable particular pattern for the domain.
Cheers!
 
cPanelJamyn

cPanelJamyn

Social Engineer
Staff member
Jan 29, 2009
105
2
143
scielcoi said:
Code: 
[Fri Feb 11 01:11:55 2011] [error] [client 74.102.61.235] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [B][id "950004"][/B] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.scientificinternational.co.in"] [B][uri "/misc/jquery.cookie.js"][/B] [unique_id "TVQ-g9gSy9IAAFMPlW4AAAAC"]
Click to expand...
The error message indicates rule # 950004 is triggering for the url /misc/jquery.cookie.js.
Your host should be able to add the following to any of the EasyApache include files (ex: pre_virtualhost_global.conf or one specific to your domain). It should disable rule 950004 for the url '/misc/jquery.cookie.js'.

Code: 
<LocationMatch /misc/jquery.cookie.js>
  <IfModule mod_security2.c>
    SecRuleRemoveById 950004
    # SecRuleEngine Off
  </IfModule>
</LocationMatch>
You can't add <LocationMatch> to an .htaccess file, so it'll need to be in an include.
 
  • Like
Reactions: David July
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M ModSecurity rules triggered but not blocking the attacker Security 5
M Mod_Security blocking WordPress logins Security 3
M mod_security Blocking Form Contents Security 3
S ModSecurity is logging but not blocking (integration with ConfigServer) Security 12
A Mod Security Rules Incorrectly Blocking Googlebot Security 14
Similar threads
ModSecurity rules triggered but not blocking the attacker
Mod_Security blocking WordPress logins
mod_security Blocking Form Contents
ModSecurity is logging but not blocking (integration with ConfigServer)
Mod Security Rules Incorrectly Blocking Googlebot
Top Bottom