prestashop (ecommerce) and mod_security - legitime ip blocked

dandumit

Member
May 5, 2021
5
0
1
Bucharest
cPanel Access Level
Website Owner
hello All,
I have a prestashop (ecommerce) installed and I have activated mod security.
Soon including my ip was blocked. browsing other forums I saw some reasoning due to multiple ajax calls.
How I can fix this ? I would like to have mod_security activated.

Thank you,
Daniel
 
Last edited by a moderator:

dandumit

Member
May 5, 2021
5
0
1
Bucharest
cPanel Access Level
Website Owner
Hello @kodeslogic
Those 3 lines are repeating zilion of times .


2021-05-09 20:40:17www.dioda.ro79.119.87.63CRITICAL403941120: XSS Filter - Category 2: Event Handler Vector
Hide
Request:
GET /lampa-uv-c-sterilizare-bactericida/21155-mini-lampa-uv-c-dezinfectare-14mili-watt.html
Action Description:
Warning.
Justification:
Pattern match "(?i)([\\s\"'`;\\/0-9\\=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]+on[a-zA-Z]+[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=)" at REQUEST_COOKIES:PrestaShop-d3c46ede3e5104ffd311a97956e5ce0e.
Report this hit
2021-05-09 20:40:17www.dioda.ro79.119.87.63CRITICAL403949110: Inbound Anomaly Score Exceeded (Total Score: 5)
More
2021-05-09 20:40:17www.dioda.ro79.119.87.63403980130: Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector
More

I was too clueless and I have loaded Comodo apache rules set and now it's not happening anymore.
But I would like to come back to OWASP... I guess that it's better.
Please tell me where else I should look ? What I should do ?

Thank you,
Daniel
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,492
1,008
313
cPanel Access Level
Root Administrator
The documentation here explains how you can whitelist the rules that are causing issues:


Can you try that and see if that gets things working with the OWASP rule set?
 
  • Like
Reactions: dandumit
Thread starter Similar threads Forum Replies Date
G Security 0