Hi,
We frequently get rule 1234123436 reported, We can disable it of course but wondered if anyone can tell us if the message below is a attempt at reading the config file to hack or part of the normal cart process:
We frequently get rule 1234123436 reported, We can disable it of course but wondered if anyone can tell us if the message below is a attempt at reading the config file to hack or part of the normal cart process:
/cart.php?a=byroe&templatefile=../../../configuration.php%00 HTTP/1.1
Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:templatefile outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "52"] [id "1234123436"] [msg "Invalid character in request"] [severity "WARNING"]