prestashop (ecommerce) and mod_security - legitime ip blocked

[dandumit]

hello All,
I have a prestashop (ecommerce) installed and I have activated mod security.
Soon including my ip was blocked. browsing other forums I saw some reasoning due to multiple ajax calls.
How I can fix this ? I would like to have mod_security activated.

Thank you,
Daniel

 

[kodeslogic]

Please share some error logs if any modsec rule triggered.

 

[dandumit]

Hello @kodeslogic
Those 3 lines are repeating zilion of times .

2021-05-09 20:40:17	www.dioda.ro	79.119.87.63	CRITICAL	403	941120: XSS Filter - Category 2: Event Handler Vector Hide
Request: GET /lampa-uv-c-sterilizare-bactericida/21155-mini-lampa-uv-c-dezinfectare-14mili-watt.html Action Description: Warning. Justification: Pattern match "(?i)([\\s\"'`;\\/0-9\\=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]+on[a-zA-Z]+[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=)" at REQUEST_COOKIES:PrestaShop-d3c46ede3e5104ffd311a97956e5ce0e. Report this hit
2021-05-09 20:40:17	www.dioda.ro	79.119.87.63	CRITICAL	403	949110: Inbound Anomaly Score Exceeded (Total Score: 5) More
2021-05-09 20:40:17	www.dioda.ro	79.119.87.63		403	980130: Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector More

I was too clueless and I have loaded Comodo apache rules set and now it's not happening anymore.
But I would like to come back to OWASP... I guess that it's better.
Please tell me where else I should look ? What I should do ?

Thank you,
Daniel

 

[cPRex]

The documentation here explains how you can whitelist the rules that are causing issues:

ModSecurity® Tools | cPanel & WHM Documentation

The ModSecurity® Tools interface allows you to install and manage ModSecurity rules.

docs.cpanel.net

Can you try that and see if that gets things working with the OWASP rule set?