ModSecurity blocks google analytics script tag

Discussion in 'Security' started by sehh, Jun 24, 2015.

  1. sehh

    My application allows the user to use his own google-analytics script tag, which is stored in the application SQL database and used at the footer of the application/site.

    Unfortunately, I discovered that the user couldn't save the page and received a 403 HTTP error. Apparently, ModSecurity detects the script tag in the submitted textarea as a cross-site scripting attack.

    The log says:
    Code:
    ModSecurity: Access denied with code 403 (phase 2). Pattern match 
    "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|
    chrome)|< ?/?i?frame|\\\\%env)" at ARGS:SSL_SITE_SEAL. [file 
    "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line 
    "990"] [id "340147"] [rev "133"] [msg "Atomicorp.com WAF Rules:
    Potential Cross Site Scripting Attack"] [data "<script"] [severity "CRITICAL"]
    
    Is there a way to avoid a single rule per URL, or disable that rule entirely?

    Thank you.
     
  2. Infopro

    I'm assuming you're not using the new ModSecurity tools in WHM, from your post:
    ConfigServer has a great tool that can help:
    http://www.configserver.com/cp/cmc.html

     
  3. sehh

    Not yet, I'm still with the old default rules.

    Looks like ConfigServer's tool is the way to go, nice to stop specific rules from running per URL.

    Thank you!
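
The per-URL exclusion asked about in this thread can also be written directly as ModSecurity directives. This is an added example, not part of the original posts or of the cPanel or ConfigServer tooling; the path /app/settings/save and the rule id 1000001 are placeholders, and it assumes the directives are loaded after 10_asl_rules.conf.

```apache
# Added example. Placeholders: /app/settings/save (the URL that saves the
# analytics snippet) and 1000001 (any rule id not already in use).
# Load after 10_asl_rules.conf so that rule 340147 is already defined.

# Broadest, avoid: switches the XSS rule off for every request on the server.
# SecRuleRemoveById 340147

# Option A, per URL: rule 340147 is skipped only for the save page, but every
# parameter posted to that URL loses the check.
<LocationMatch "^/app/settings/save$">
    SecRuleRemoveById 340147
</LocationMatch>

# Option B, per URL and per parameter (ModSecurity 2.6 or later): rule 340147
# keeps inspecting the rest of the request; only ARGS:SSL_SITE_SEAL, the field
# named in the log entry, is exempt. The exclusion is set in phase 1 so it is
# in place before the rule runs in phase 2.
SecRule REQUEST_URI "@beginsWith /app/settings/save" \
    "id:1000001,phase:1,t:none,pass,nolog,\
    ctl:ruleRemoveTargetById=340147;ARGS:SSL_SITE_SEAL"
```

Use one option, not both. Option B leaves the rule active for every other field and URL, so the only input that bypasses it is the one the application is designed to accept a script tag in.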
     