The Community Forums

Interact with an entire community of cPanel & WHM users!

OWASP Core Rules + jquery.cookie.min.js issue

Discussion in 'Security' started by Syrehn, Jun 17, 2015.

  1. Syrehn

    Syrehn Registered

    I currently have ModSecurity™ and the OWASP ModSecurity Core Rule Set installed on my server via ModSecurity™ Vendors.

    I'm bumping into constant issues with jquery.cookie.min.js getting triggered by rule 950004 as "Cross-site Scripting (XSS) Attack".

    I know this is a false positive and all the research I've done on it indicates this is due to outdated rules. I believe this issue was addressed and modsec rules were patched to not flag these files; yet they are indeed still getting flagged.

    Does this mean the OWASP rules that were installed/running are not up to date?
     
  2. quizknows

    quizknows Well-Known Member

    The patch you linked is several years old, so likely it did not fix all false positive cases. You may just want to whitelist that rule if it is causing you problems; rules like SQL injection and XSS protection are often impossible to get perfect for everyone's use.
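
The whitelisting suggested in the reply above can be limited to the one file instead of switching the rule off server-wide. The following is an added example, not configuration posted by anyone in the thread: rule ID 950004 and the file name come from the thread, while the local rule ID 1000001 and the assumption that 950004 runs in phase 2 (as the CRS 2.x XSS rules do) are mine.

```apache
# Added example, not from the thread. Place it in a local ModSecurity
# include of your own; the file location depends on the installation.

# Broad form (shown commented out for comparison): removes the XSS rule
# for every request on the server. It must load after the OWASP CRS
# files, because SecRuleRemoveById only affects rules already defined.
# SecRuleRemoveById 950004

# Scoped form: remove 950004 only when the requested path ends with the
# script's file name. The rule runs in phase 1, so the ctl action is
# applied before a phase 2 rule such as 950004 is evaluated, and every
# other CRS rule still inspects the request.
# id:1000001 is an arbitrary local rule ID (assumption); pick one that
# does not collide with IDs already in use.
SecRule REQUEST_FILENAME "@endsWith /jquery.cookie.min.js" \
    "id:1000001,phase:1,t:none,t:lowercase,pass,nolog,ctl:ruleRemoveById=950004"
```

After restarting Apache, request the script and confirm in the Hits List that 950004 no longer fires for that path while it still appears for other URLs.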
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You should also use the "WHM Home » ModSecurity™ Tools » Hits List » Report Rule" option to report the rule if it's not working as intended.

    Thank you.
     