PrestaShop (ecommerce) and mod_security - legitimate IP blocked

dandumit

Hello all,
I have a PrestaShop (ecommerce) installed and I have activated mod_security.
Soon even my IP was blocked. Browsing other forums, I saw some reasoning that it is due to multiple AJAX calls.
How can I fix this? I would like to have mod_security activated.

Thank you,
Daniel
 

kodeslogic

Please share some error logs if any modsec rule triggered.
 

dandumit

Hello @kodeslogic
These 3 lines are repeating a zillion times.


2021-05-09 20:40:17 | www.dioda.ro | 79.119.87.63 | CRITICAL | 403 | 941120: XSS Filter - Category 2: Event Handler Vector
Request: GET /lampa-uv-c-sterilizare-bactericida/21155-mini-lampa-uv-c-dezinfectare-14mili-watt.html
Action Description: Warning.
Justification: Pattern match "(?i)([\\s\"'`;\\/0-9\\=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]+on[a-zA-Z]+[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=)" at REQUEST_COOKIES:PrestaShop-d3c46ede3e5104ffd311a97956e5ce0e.

2021-05-09 20:40:17 | www.dioda.ro | 79.119.87.63 | CRITICAL | 403 | 949110: Inbound Anomaly Score Exceeded (Total Score: 5)

2021-05-09 20:40:17 | www.dioda.ro | 79.119.87.63 | 403 | 980130: Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector

I was too clueless and I loaded the Comodo Apache rule set, and now it's not happening anymore.
But I would like to go back to OWASP... I guess that it's better.
Please tell me where else I should look? What should I do?

Thank you,
Daniel
 

cPRex

The documentation here explains how you can whitelist the rules that are causing issues:


Can you try that and see if that gets things working with the OWASP rule set?
 
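
The hits quoted in this thread show rule 941120 matching inside the PrestaShop cookie, so a narrowly scoped exclusion is one way to apply the whitelisting advice above. This is an added example, not part of any post in the thread and not cPanel's own procedure; it assumes ModSecurity 2.x with OWASP CRS 3.x and a custom config file that is included after the CRS rule files.

```apache
# Added example. Assumptions: ModSecurity 2.x, OWASP CRS 3.x, and this file
# is loaded AFTER the CRS rule files. SecRuleUpdateTargetById can only
# modify a rule that has already been defined.

# Too broad, shown only for contrast: this turns off the event-handler XSS
# check for every input the rule inspects, not just the cookie that caused
# the false positive.
# SecRuleRemoveById 941120

# Scoped: rule 941120 stays active for all other inputs and only stops
# inspecting the PrestaShop cookie value. The logged cookie name ends in a
# hash-like suffix, so the exclusion matches the name by its prefix.
SecRuleUpdateTargetById 941120 "!REQUEST_COOKIES:/^PrestaShop-/"

# Leave 949110 and 980130 alone. In the log above they only report the
# anomaly score (Total Score: 5, XSS=5) that 941120 contributed; excluding
# them would weaken blocking for every other rule.
```

After Apache is reloaded, the same request should no longer log 941120, and with no score added the 949110 and 980130 entries should stop appearing for it as well.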