The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Redirect when quote character: " is present in URL

Discussion in 'General Discussion' started by pwells, Sep 2, 2016.

  1. pwells

    pwells Registered

    Joined:
    Apr 28, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I have set two new servers within the last week, running CloudLinux and WHM. One of these servers is experiencing a strange issue when a quote character is present in the URL.

    The issue is that the URL appears to be redirecting to the root domain whenever a quote character (either urlencoded to: %22 or standard as: ") is present in the URL. This applies for all websites on the server but not the WHM or cPanel interface. Strangely this does not occur on the other server that I set up at the same time, with the exact same settings (it's even in the same configuration cluster).

    As a test, please visit the following URL: dev.example.net.au/test.html
    Now try with the following URL parameter: dev.example.net.au/test.html?test=%22

    For reference, our other server handles this fine: dev.domain.net.au/test.html?test=%22

    Anybody have any ideas what setting may be causing this behaviour?

    Thanks in advance.
     
    #1 pwells, Sep 2, 2016
    Last edited by a moderator: Sep 2, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm unable to reproduce this issue when browsing to the following URL (with and without encoding) in a web browser:

    Code:
    "http://www.example.tld/%22testing%22.php"
    Do you have additional rewrite rules active in the .htaccess file?

    Thank you.
     
  3. pwells

    pwells Registered

    Joined:
    Apr 28, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    It appears that the forum has replaced my URLs with example.net.au making it very difficult to demo this issue.
    Please advise how I can send a real URL through the forum without it being stripped out.


    It is not likely a .htaccess issue as it affects every site and account on the server - not just one account.
     
  4. pwells

    pwells Registered

    Joined:
    Apr 28, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I have also discovered that this issue occurs with other URL encoded characters. For example, a WordPress website on the server which calls the below URL with ajax, 302 redirects to http://dev.example.net.au/, causing the ajax call to fail.

    Code:
    http://dev.example.net.au/acco/wp-admin/admin-ajax.php?action=linktest&url=http%3A%2F%2Fwww.example.com.au%2FIndex.aspx
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The actual URL should not be required.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  7. pwells

    pwells Registered

    Joined:
    Apr 28, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    We were able to resolve this issue yesterday afternoon.

    The ModSecurity system was causing this redirect; specifically the 'Application Attack SQLi' rule set in the OWASP core library.

    This was triggering the following error message in the Apache error logs:
    Code:
    [Tue Sep 06 16:20:31.013126 2016] [:error] [pid 329447] [client ***.***.***.***] ModSecurity: Access denied with redirection to http://dev.example.net.au/ using status 302 (phase 2). Pattern match "(?i:(?:[\\"'`]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`]$)|(?:(?:^[\\"'`\\\\\\\\]*?(?:[\\\\d\\"'`]+|[^\\"'`]+[\\"'`]))+\\\\s*?(?:n?and|x?x?or|div|like|between|and|not|\\\\|\\\\||\\\\&\\\\&)\\\\s*?[\\\\w\\"'`][+&!@(),.-])|(?:[^\\\\w\\\\s]\\\\w+ ..." at ARGS:test. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "108"] [id "981242"] [rev "2"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: \\x22 found within ARGS:test: \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: dev.example.net.au"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "dev.example.net.au"] [uri "/test.html"] [unique_id "V85gL9fy4L1UJMBVzAFsVgAAACA"]
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page