Check which rule is causing the problem.
For example, I had to disable rule 920450: Restricted HTTP headers msg:'HTTP header is restricted by policy (%{MATCHED_VAR})
Thank you, there are quite a few - but you have to work back from 949110 which is the one that does the dirty work.
eg. for Opayo/Sagepay (amongst other codes)
920600
980130
This must be affecting quite a lot of people - assuming we aren't the only people with it switched on!
eg. for Opayo/Sagepay (amongst other codes)
920600
980130
This must be affecting quite a lot of people - assuming we aren't the only people with it switched on!
949100 ( absolutely must not be deactivated, it counts the anomalous score of the various rules)
You need to disable only the individual rules that are creating the problem
920600 This rule restricts these to familiar charsets. (OK)
crsdoc.digitalwave.hu
You need to disable only the individual rules that are creating the problem
920600 This rule restricts these to familiar charsets. (OK)
modsec-vue
Yup, thanks, we are aware of the importance of 949110. Our hosts aren't though and they turned it off and asked us to ignore the warnings - we reinstated and have been working back to identify the actual triggers.949100 ( absolutely must not be deactivated, it counts the anomalous score of the various rules)
You need to disable only the individual rules that are creating the problem
920600 This rule restricts these to familiar charsets. (OK)
modsec-vue
These issues depend on the security changes that have been implemented in Modsecurity 2.9.6 and OWASP 3.3.4
CVE-2022-39955 and CVE-2022-399556
For example rule 920600 can create problems with User-Agent: ias-ir/3.1 of admantx.com
CVE-2022-39955 and CVE-2022-399556
For example rule 920600 can create problems with User-Agent: ias-ir/3.1 of admantx.com
Same problems with paypal and opayo. Tracked the various triggers and had the following list:
920600
920420
980130
Added these as global exemptions. Did not work.
We have to add exemptions for 949110 for the 2 call back scripts which I understand to be very bad.
I would appreciate a solution that does not involve disabling 949110.
920600
920420
980130
Added these as global exemptions. Did not work.
We have to add exemptions for 949110 for the 2 call back scripts which I understand to be very bad.
I would appreciate a solution that does not involve disabling 949110.
Hi,
If only those 3 rules are the problem, once disabled, they should no longer trigger 949110.
Maybe there is some other rule to disable, but not 949110 and 980130 (these exclude the detection of many other rules)
Support – OWASP ModSecurity Core Rule Set
coreruleset.org
You could report the problem here
Issues · coreruleset/coreruleset
OWASP ModSecurity Core Rule Set (Official Repository) - Issues · coreruleset/coreruleset
github.com
Last edited:
Hi, the modsec ruleset update yesterday also caused havoc to our payment system. The temporary solution was to disable the offending ruleset trigger ID : 920600
As I mentioned in my original post. These were the rules that were showing in the hitlist but disabling them and not 949110 did not work. I have tried again today and it does not work.Hi,
If only those 3 rules are the problem, once disabled, they should no longer trigger 949110.
Maybe there is some other rule to disable, but not 949110 and 980130 (these exclude the detection of many other rules)
Support – OWASP ModSecurity Core Rule Set
You could report the problem here
Issues · coreruleset/coreruleset
OWASP ModSecurity Core Rule Set (Official Repository) - Issues · coreruleset/coreruleset
These are the hits that occurred when I added the 3 rules to the exclusion of the script. You can see the top one is what happened when I removed the rules and added 949110 back.
This is very serious and I cannot believe more people aren't affected.
Attachments
Hi,
forums.cpanel.net
github.com
EasyApache December 14 Release
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on...
- mod_security2
- EA-11091: Fix linking issues on C6/C7
EA-11091: Fix linking issues on C6/C7 · CpanelInc/[email protected]
Contribute to CpanelInc/mod_security2 development by creating an account on GitHub.
github.com
Hello
I have the same problem with 3-4 eshops under my hosting. After the upgrade to the newest version of mod security Paypal payments dont work. I had to disable it in these cpanels in order not to cause problems to my customers.
Also Another problem is that when a customer tries to add new products with a name like "Φωτιστικό εσωτερικού χώρου 3XE15"
When he writes something like 3XE15 in the title then the system locks his IP. I also had to disable it on that cpanel too
I have the same problem with 3-4 eshops under my hosting. After the upgrade to the newest version of mod security Paypal payments dont work. I had to disable it in these cpanels in order not to cause problems to my customers.
Also Another problem is that when a customer tries to add new products with a name like "Φωτιστικό εσωτερικού χώρου 3XE15"
When he writes something like 3XE15 in the title then the system locks his IP. I also had to disable it on that cpanel too
Modsecurity 2.9.7 released
github.com
Is there an update date by Cpanel?
Release v2.9.7 · SpiderLabs/ModSecurity
Security impacting issues Fix: FILES_TMP_CONTENT may sometimes lack complete content [Issue #2857 - gieltje, @airween, @dune73, @martinhsv] New features Support configurable limit on number of a...
github.com
Is there an update date by Cpanel?
The story is old, and it looks like it is over: Is this project dead?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
|
Allowing HTTP methods PATCH and DELETE in modsecurity | Security | 3 | |
| K | HTTP ERROR 500 - security2:error - ModSecurity | Security | 2 | |
|
ModSecurity Tools not logging all hits | Security | 17 | |
| C | Modsecurity 2.9.7 is coming soon | Security | 1 | |
|
ModSecurity: Transformation Caching Unstable, Fixed, But Deprecated | Security | 2 |