The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity disabled but ModSecurity: Access denied with redirection to

Discussion in 'General Discussion' started by jonh, Mar 28, 2016.

  1. jonh

    jonh Well-Known Member

    Joined:
    Feb 15, 2016
    Messages:
    49
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    NY
    cPanel Access Level:
    Root Administrator
    ModSecurity is enabled, I'm not sue what I wasn't seeing the settings pages before. I'm just not sure why one website would be having this issue. It's basically making the website inaccessible.

    It's a basic wordpress website. It was working fine on another cpanel server just the other day. I migrated all sites to a new server and this one site is having this issue now.


    981257: Detects MySQL comment-/space-obfuscated injections and backticktermination

    I've disabled this rule in mod security and the error still occurs after restarting apache.

    I've disabled OWASP ModSecurity Core Rule Set for now so the site is back up.

    [Mon Mar 28 11:54:38.453277 2016] [:error] [pid 10781:tid 139999104182016] [client 69.123.166.238] ModSecurity: Access denied with redirection to http://wwwdomain.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:_tidioOne_. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22string\\x22],\\x22tidioOneFlagAutoCreateVisitor\\x22:[\\x221\\x22, found within REQUEST_COOKIES:_tidioOne_: {\\x22tidioOneVistiorId\\x22:[\\x222qjeon24m7l3ezy1mkhflzkeutbf368m\\x22,\\x22string\\x22],\\x22tidioOneFlagAutoCreateVisitor\\x22:[\\x221\\x22,\\x22string\\x22],\\x22tidioOneVisitorDataHash\\x22:[\\x2299914b932bd37a50b983c5e7c90ae93b\\x22,\\x22string\\x22]}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.doma [hostname "www.domain.com"] [uri "/"] [unique_id "VvlTvmjPh8gAACodJDQAAABI"]
     
    #1 jonh, Mar 28, 2016
    Last edited: Mar 28, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page