ModSecurity blocks Google Analytics script tag

sehh

Well-Known Member
Feb 11, 2006
579
5
168
Europe
My application allows the user to use his own Google Analytics script tag, which is stored in the application's SQL database and used in the footer of the application/site.

Unfortunately, I discovered that the user couldn't save the page and received a 403 HTTP error. Apparently, ModSecurity detects the script tag in the submitted textarea as a cross-site scripting attack.

The log says:
Code:
ModSecurity: Access denied with code 403 (phase 2). Pattern match 
"(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|
chrome)|< ?/?i?frame|\\\\%env)" at ARGS:SSL_SITE_SEAL. [file 
"/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line 
"990"] [id "340147"] [rev "133"] [msg "Atomicorp.com WAF Rules:
Potential Cross Site Scripting Attack"] [data "<script"] [severity "CRITICAL"]
Is there a way to avoid a single rule per URL, or to disable that rule entirely?

Thank you.
 

sehh

Not yet, I'm still with the old default rules.

Looks like ConfigServer's tool is the way to go, nice to stop specific rules from running per URL.

Thank you!
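
An added example, not part of the original posts: the per-URL exclusion discussed in this thread written as plain ModSecurity 2.x directives, with the broad form next to a narrower one. The rule id 340147 and the argument name SSL_SITE_SEAL come from the log above; the URL path is a hypothetical placeholder, and `SecRuleUpdateTargetById` is assumed to be available (ModSecurity 2.6 or later).

```apache
# Load this file AFTER 10_asl_rules.conf: both directives act on a rule
# that must already be defined when they are parsed.

# Option A (broad): rule 340147 stops running for every argument,
# cookie and header on the matching URL.
# Assumption: /admin/site-settings.php is a placeholder for the form's real path.
<LocationMatch "^/admin/site-settings\.php$">
    SecRuleRemoveById 340147
</LocationMatch>

# Option B (narrower): rule 340147 keeps running on the same URL,
# but no longer inspects the single field that holds the script tag.
# Use one option or the other, not both.
<LocationMatch "^/admin/site-settings\.php$">
    SecRuleUpdateTargetById 340147 "!ARGS:SSL_SITE_SEAL"
</LocationMatch>
```

With either option the WAF no longer screens that field, so whatever is saved there is emitted into every page footer as-is. Limiting who can reach the form and validating the stored value in the application then carries the check the rule used to perform.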