mod_security false positive?

upsforum

I have this alert, but the SWF file is my banner on my website.

[Thu Feb 28 17:14:14 2013] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "www.domain .it"] [uri "/adv/300x250.swf"] [unique_id "US@CVk@Pu@YAAD2xxVkAAAAP"]
 

arunsv84

Just whitelist the rule/id after logging in to your server. If you have the ConfigServerModSec plugin installed on the server, you can disable the rule for the domain after logging in to WHM >> Plugins >> ConfigServerModSec.

Otherwise, you may use .htaccess to whitelist the id/rule "950107" for the domain.

Cheers!!!
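
Added example (not part of either post above): the alert names REQUEST_HEADERS:User-Agent as the matched variable, not the .swf path, so it is worth confirming what in the client's User-Agent tripped rule 950107 before disabling it. This Python sketch parses the posted alert line and replays the pattern against constructed User-Agent strings; the unescaped form of the regex and the names `parse_alert` and `offending_percent` are assumptions made for the example.

```python
import re

# Alert line as posted in the thread (client address already redacted there).
ALERT = r'''[Thu Feb 28 17:14:14 2013] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "www.domain .it"] [uri "/adv/300x250.swf"] [unique_id "US@CVk@Pu@YAAD2xxVkAAAAP"]'''


def parse_alert(line):
    """Extract the [key "value"] tags, the logged pattern and the matched variable."""
    fields = dict(re.findall(r'\[(\w+) "([^"]*)"\]', line))
    m = re.search(r'Pattern match "(.*?)" at ([A-Z_]+(?::[^\s.]+)?)\.', line)
    if m:
        fields["pattern"], fields["target"] = m.groups()
    return fields


# Assumption: with the log's backslash escaping undone, the rule's regex is a "%"
# that is NOT followed by two hex digits or by "u" plus four hex digits.
RULE_950107 = re.compile(r"%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")


def offending_percent(value):
    """Return the offsets of every '%' in value that the pattern would flag."""
    return [m.start() for m in RULE_950107.finditer(value)]


# Constructed User-Agent values for illustration; none come from the thread.
SAMPLES = [
    "Mozilla/5.0 (Windows NT 6.1) Firefox/19.0",  # no percent sign at all
    "Agent%20Name/1.0 %u0041",                    # well-formed %XX and %uXXXX
    "Player 100% (build 7)",                      # literal percent sign
]

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print("rule id :", alert["id"])
    print("matched :", alert["target"], "(request was for", alert["uri"] + ")")
    for ua in SAMPLES:
        hits = offending_percent(ua)
        verdict = "BLOCKED at offsets %s" % hits if hits else "passes"
        print("%-45r %s" % (ua, verdict))
```

Any exclusion that follows from this can be scoped to the User-Agent header check rather than to the banner file, since the file path played no part in the match.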