ModSecurity disabled but ModSecurity: Access denied with redirection to

jonh

Well-Known Member
Feb 15, 2016
86
5
8
NY
cPanel Access Level
Root Administrator
ModSecurity is enabled, I'm not sue what I wasn't seeing the settings pages before. I'm just not sure why one website would be having this issue. It's basically making the website inaccessible.

It's a basic wordpress website. It was working fine on another cpanel server just the other day. I migrated all sites to a new server and this one site is having this issue now.


981257: Detects MySQL comment-/space-obfuscated injections and backticktermination

I've disabled this rule in mod security and the error still occurs after restarting apache.

I've disabled OWASP ModSecurity Core Rule Set for now so the site is back up.

[Mon Mar 28 11:54:38.453277 2016] [:error] [pid 10781:tid 139999104182016] [client 69.123.166.238] ModSecurity: Access denied with redirection to http://wwwdomain.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:_tidioOne_. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22string\\x22],\\x22tidioOneFlagAutoCreateVisitor\\x22:[\\x221\\x22, found within REQUEST_COOKIES:_tidioOne_: {\\x22tidioOneVistiorId\\x22:[\\x222qjeon24m7l3ezy1mkhflzkeutbf368m\\x22,\\x22string\\x22],\\x22tidioOneFlagAutoCreateVisitor\\x22:[\\x221\\x22,\\x22string\\x22],\\x22tidioOneVisitorDataHash\\x22:[\\x2299914b932bd37a50b983c5e7c90ae93b\\x22,\\x22string\\x22]}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.doma [hostname "www.domain.com"] [uri "/"] [unique_id "VvlTvmjPh8gAACodJDQAAABI"]
 
Last edited: