Author Topic: False positive id 217280 in WordPress admin  (Read 194 times)

Offline andypatnz

  • Newbie
  • *
  • Posts: 3
False positive id 217280 in WordPress admin
« on: September 24, 2018, 05:35:47 PM »
I get a 403 error when attempting to update the definition of a contact form in WordPress.
The error seems to be related to the inclusion of the word 'head' at the start of a line of text of the form.
For example, the text "head and shoulders photo" results in an error whereas "shoulders and head photo" does not.

I have attached an image of the error log

My hosting provider is unhelpful and claims it is a fault in WordPress and the solution is to avoid any text which might result in an error.

What I am really seeking is an explanation of what this particular rule is protecting against, why it should be triggered in this particular case and whether there is a straightforward way of bypassing the problem.

Regards

Andy

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 178
Re: False positive id 217280 in WordPress admin
« Reply #1 on: October 03, 2018, 05:08:51 AM »
Hi andypatnz.

Please provide full modsecurity audit log for this event.

Offline andypatnz

  • Newbie
  • *
  • Posts: 3
Re: False positive id 217280 in WordPress admin
« Reply #2 on: October 15, 2018, 08:34:02 PM »
Hi SergeIP

I went back to my hosting provider who says that the only log he is aware of is the one which I have attached.
Is there anything I can tell him that will enable him to locate the audit log to which you are referring.

Regards
Andy

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 178
Re: False positive id 217280 in WordPress admin
« Reply #3 on: October 18, 2018, 11:09:51 AM »
Hi SergeIP

I went back to my hosting provider who says that the only log he is aware of is the one which I have attached.
Is there anything I can tell him that will enable him to locate the audit log to which you are referring.

Regards
Andy

Hello Andy.
You should report about False Positives here:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html
When you report abou FP you should provide information described:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html;msg869520#msg869520

Please share information about webserver (name, version), WordPress, WP plugin and rules version.

Regards.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek