The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security false positive?

Discussion in 'Security' started by upsforum, Feb 28, 2013.

  1. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    446
    Likes Received:
    0
    Trophy Points:
    16
    I have this alert but the swf file is a my banner on my website

    [Thu Feb 28 17:14:14 2013] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "www.domain .it"] [uri "/adv/300x250.swf"] [unique_id "US@CVk@Pu@YAAD2xxVkAAAAP"]
     
  2. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    Just whitelist the rule/id after logging to your server. If you have confiservermodsec plugin installed on server, you can disable the rule for the domain after logging to WHM >> Plugins >> ConfigServerModSec .

    Otherwise you may use the .htaccess to whitelist the id/rule "950107" for the domain.

    Cheers!!!
     
Loading...

Share This Page