Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security false positive?

Discussion in 'Security' started by upsforum, Feb 28, 2013.

  1. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    464
    Likes Received:
    0
    Trophy Points:
    166
    I have this alert but the swf file is a my banner on my website

    [Thu Feb 28 17:14:14 2013] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "www.domain .it"] [uri "/adv/300x250.swf"] [unique_id "US@CVk@Pu@YAAD2xxVkAAAAP"]
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    Just whitelist the rule/id after logging to your server. If you have confiservermodsec plugin installed on server, you can disable the rule for the domain after logging to WHM >> Plugins >> ConfigServerModSec .

    Otherwise you may use the .htaccess to whitelist the id/rule "950107" for the domain.

    Cheers!!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice