modsecurity rule 1234123436

kernow

Well-Known Member
Jul 23, 2004
cPanel Access Level
Root Administrator
Hi,
We frequently get rule 1234123436 reported. We can disable it, of course, but wondered if anyone can tell us if the message below is an attempt at reading the config file to hack or part of the normal cart process:
/cart.php?a=byroe&templatefile=../../../configuration.php%00 HTTP/1.1
Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:templatefile outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "52"] [id "1234123436"] [msg "Invalid character in request"] [severity "WARNING"]
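Added example (not part of the original post and not ModSecurity's own code): a small triage script that percent-decodes the logged request and repeats the byte-range test the log message reports for `ARGS:templatefile`, so the flagged byte can be identified. The `..` path-segment check, the function names and the benign comparison request are assumptions added for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Request line copied from the post above.
LOGGED = "/cart.php?a=byroe&templatefile=../../../configuration.php%00 HTTP/1.1"
# Constructed benign request for comparison (parameter values are made up).
BENIGN = "/cart.php?a=view&templatefile=viewcart HTTP/1.1"


def parse_args(request_line):
    """Return {name: percent-decoded value as bytes} for the query string."""
    target = request_line.split(" ", 1)[0]
    args = {}
    for pair in urlsplit(target).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            args[name] = unquote_to_bytes(value.replace("+", " "))
    return args


def bytes_outside_range(value, low=1, high=255):
    """Count bytes outside low..high; with 1-255 only NUL (0x00) can match."""
    return sum(1 for b in value if not low <= b <= high)


def has_parent_segment(value):
    """True if any path segment, split on / or \\, is exactly '..'."""
    return b".." in value.replace(b"\\", b"/").split(b"/")


def triage(request_line):
    """Per-argument findings for one logged request line."""
    return {
        name: {
            "outside_1_255": bytes_outside_range(value),
            "parent_segments": has_parent_segment(value),
        }
        for name, value in parse_args(request_line).items()
    }


if __name__ == "__main__":
    for line in (LOGGED, BENIGN):
        print(line)
        for name, finding in triage(line).items():
            print("  ", name, finding)
```

For the logged request, the one byte outside 1-255 is the NUL produced by decoding the trailing `%00`, and the decoded value also contains `..` path segments.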