1. False-Positive RuleId
214530
2. Web application + version NA
3. Request headers or at least debug log/modsec_audit.log
---------------------------------------------------------------------------------------------------- --> <!-- <iframe height=\\\\x2260\\\\x22 width=\\\\x221 found within RESPONSE_BODY: <!DOCTYPE html>\\\\x0d\\\\x0a<html lang=\\\\x22en\\\\x22>\\\\x0d\\\\x0a<head>\\\\x0d\\\\x0a\\\\x0d\\\\x0a<link rel=\\\\x22shortcut icon\\\\x22 href=\\\\x22assets/images/minibilde.png\\\\x22/>\\\\x0d\\\\x0a\\\\x0d\\\\x0a<title>Ben og Chris | Official Website</title>\\\\x0d\\\\x0a<meta name=\\\\x22description\\\\x22 content=\\\\x22Ben og Chris | Musikkgruppe fra Oppland som prod [hostname "xxxx.com"] [uri "/index.php"] [unique_id "WgpH16wVE[at]xlQLsYbs99TwAAAJg"]
Host: xxxx.com
Message: Access denied with code 403 (phase 4). Pattern match "<[^a-zA-Z0-9_]{0,}iframe\\s+(?!src=\\x22//www\\.googletagmanager\\.com)[^>]{1,}?\\b(?:height|width)\\b[^a-zA-Z0-9_]{0,}?=[^a-zA-Z0-9_]{0,}?[\\x22']{0,1}[^\\x22'123456789]{0,}?(?:[0123](?:\\.[0-9]{0,}){0,1}%|(?:1{0,1}[0-9](?:\\.[0-9]{0,}){0,1}|20)(?![0- ..." at RESPONSE_BODY. [file "/var/cpanel/cwaf/rules/21_Outgoing_FilterInFrame.conf"] [line "14"] [id "214530"] [rev "3"] [msg "COMODO WAF: Possibly malicious iframe tag in output||xxxx.com|F|4"] [data "Matched Data: <!-- ---------------------------------------------------------------------------------------------------- --> <!-- <iframe height=\x2260\x22 width=\x221 found within RESPONSE_BODY: <!DOCTYPE html>\x0d\x0a<html lang=\x22en\x22>\x0d\x0a<head>\x0d\x0a\x0d\x0a<link rel=\x22shortcut icon\x22 href=\x22assets/images/minibilde.png\x22/>\x0d\x0a\x0d\x0a<title>Ben og Chris | Official Website</title>\x0d\x0a<meta name=\x22description\x22 content=\x22Ben og Chris | Musikkgruppe fra Oppland som prod
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client x.x.x.x] ModSecurity: Access denied with code 403 (phase 4). Pattern match "<[^a-zA-Z0-9_]{0,}iframe\\\\\\\\s+(?!src=\\\\\\\\x22//www\\\\\\\\.googletagmanager\\\\\\\\.com)[^>]{1,}?\\\\\\\\b(?:height|width)\\\\\\\\b[^a-zA-Z0-9_]{0,}?=[^a-zA-Z0-9_]{0,}?[\\\\\\\\x22']{0,1}[^\\\\\\\\x22'123456789]{0,}?(?:[0123](?:\\\\\\\\.[0-9]{0,}){0,1}%|(?:1{0,1}[0-9](?:\\\\\\\\.[0-9]{0,}){0,1}|20)(?![0- ..." at RESPONSE_BODY. [file "/var/cpanel/cwaf/rules/21_Outgoing_FilterInFrame.conf"] [line "14"] [id "214530"] [rev "3"] [msg "COMODO WAF: Possibly malicious iframe tag in output||xxx.com|F|4"] [data "Matched Data: <!-- ---------------------------------------------------------------------------------------------------- --> <!-- <iframe
turned off rule