modsecurity rule 1234123436

kernow

Well-Known Member
Jul 23, 2004
995
42
178
cPanel Access Level
Root Administrator
Hi,
We frequently get rule 1234123436 reported, We can disable it of course but wondered if anyone can tell us if the message below is a attempt at reading the config file to hack or part of the normal cart process:
/cart.php?a=byroe&templatefile=../../../configuration.php%00 HTTP/1.1
Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:templatefile outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "52"] [id "1234123436"] [msg "Invalid character in request"] [severity "WARNING"]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Yes, you will typically see those requests from bots that attempt search the Internet for websites that are open to exploits.

Thank you.