Author Topic: False-Positive report thread  (Read 74741 times)

Offline SPDTeam

  • Newbie
  • *
  • Posts: 2
Re: False-Positive report thread
« Reply #285 on: November 16, 2020, 12:53:04 PM »
Using ModSec WHM Apache, ruleset 2.9.3.

Rule: 211540 - Blind SQL Injection Attack

Pattern match "(?i:\\b(?:t(?:able_name\\b|extpos[^a-zA-Z0-9_]{1,}\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:object_type.

The rule is specifically blocking the Yoast SEO WordPress plugin. Example request:

GET /wp-json/yoast/v1/link_suggestions?prominent_words%5Bphn%5D=6&prominent_words%5Bhnecc%5D=5&prominent_words%5Baustralium%5D=4&prominent_words%5Bracf%5D=4&object_id=3783&object_type=post

This issue has already been raised with Yoast, but they are saying that the rule is at fault, not their plugin. Ref:

https://github.com/Yoast/wordpress-seo/issues/16018

Offline mrdebian

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #286 on: December 02, 2020, 09:55:45 AM »
Rules:
212740
211220

Both throw a 403 error when trying to save nearly everything in the WHMCS backend. Is there a solution for this, or do we have to disable them?

Current rules version   1.233 (Latest version)
CWAF plugin version   2.24.5 (Latest version)
Web Platform   Apache
Apache version   2.4.38
Mod_security compatible   yes
Mod_security loaded   yes
Mod_security conf   /etc/apache2/conf-enabled/zzzz_cwaf_security2.conf

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: False-Positive report thread
« Reply #287 on: December 03, 2020, 03:55:38 AM »

Please provide the ModSecurity audit logs (modsec_audit.log) for these events. For example, in the post from SPDTeam we can find that we should exclude the "object_type" argument from the rule.
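One way to implement the exclusion Cwaf_Team suggests, as an added example that is not part of the original thread or of the CWAF rule set: the first directive removes only the Yoast `object_type` argument from rule 211540; the second part goes beyond the reply and uses the argument and URI from mrdebian's logs later in this thread to drop `emailglobalheader` from the XSS rules on that one WHMCS admin page only. The local rule id 10001 and the file location are assumptions.

```apache
# Added example (not from the thread or the CWAF rule set).
# These directives must be loaded AFTER the CWAF rules so that the rule
# ids below already exist; the file name is an assumed placeholder, e.g.
# /etc/apache2/conf-enabled/zzzz_cwaf_exclusions.conf

# 1) Yoast SEO link_suggestions: rule 211540 matched the *name* of the
#    parameter "object_type" (ARGS_NAMES), not a value. Remove only that
#    target from the rule; every other argument is still inspected.
SecRuleUpdateTargetById 211540 "!ARGS_NAMES:object_type"

# 2) WHMCS general settings: the "emailglobalheader" field legitimately
#    carries a full HTML document, which trips several XSS rules.
#    Instead of disabling those rules site-wide, drop that single target
#    only for the admin page seen in the audit log. The exclusion has to
#    name the same collection the rule inspects (ARGS_POST vs ARGS, as
#    shown in each log line), otherwise it has no effect.
#    id:10001 is an assumed local rule id.
SecRule REQUEST_URI "@streq /diaxirisi/configgeneral.php" \
    "id:10001,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=212740;ARGS_POST:emailglobalheader,\
    ctl:ruleRemoveTargetById=212960;ARGS_POST:emailglobalheader,\
    ctl:ruleRemoveTargetById=212970;ARGS_POST:emailglobalheader,\
    ctl:ruleRemoveTargetById=213060;ARGS:emailglobalheader"
```

After reloading Apache, repeat the same save and confirm in modsec_audit.log that the request is no longer intercepted, while the same payload posted to any other URI is still blocked.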

Offline mrdebian

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #288 on: December 03, 2020, 04:37:10 AM »
Here are the logs (I've just changed the IP and real domain). All the following rules give false positives:

212740
212960
212970
213060


Code:
[Thu Dec 03 11:34:29.699355 2020] [:error] [pid 1153] [client 178.1.1.1:56908] [client 178.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||my.website.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8ixJXZWGtMnPrQQTL7fRQAAAAU"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:40:03.085246 2020] [:error] [pid 2831] [client 178.147.1.1:57054] [client 178.147.1.1] ModSecurity: Rule 7efebc3f0ba8 [id "-"][file "/usr/local/cwaf/rules/07_XSS_XSS.conf"][line "100"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:40:03.088583 2020] [:error] [pid 2831] [client 178.147.1.1:57054] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?http-equiv\\\\/{0,}?=\\\\/{0,}?[\\\\x22'`]{0,1}(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "125"] [id "212960"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||my.website.com|F|2"] [data "Matched Data: <metahttp-equiv=\\x22c found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyl..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:43:31.845674 2020] [:error] [pid 3080] [client 178.147.1.1:57121] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?charset\\\\/{0,}=" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "128"] [id "212970"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||my.website.com|F|2"] [data "Matched Data: <metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset= found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x2..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8izQyk3Rt35mfmJlmt8igAAAAM"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:44:57.057504 2020] [:error] [pid 3194] [client 178.147.1.1:57148] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\\\bx(?:link:href|html|mlns)|!ENTITY\\\\b.*?\\\\b(?:SYSTEM|PUBLIC)|\\\\bdata:text\\\\/html))" at ARGS:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "173"] [id "213060"] [rev "5"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||my.website.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8izmFbKynWgc17n5X3QTAAAAAI"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8
« Last Edit: December 03, 2020, 04:47:28 AM by mrdebian »

Offline NilsO

  • Newbie
  • *
  • Posts: 2
Re: False-Positive report thread
« Reply #289 on: December 08, 2020, 06:11:40 AM »
I'm suspecting a few false positives in certain rules:

Current rules version   1.232
CWAF plugin version   2.24.5

211700
Code:
{"transaction":{"time":"08/Dec/2020:11:26:41 +0100","transaction_id":"X89U4NGFViaeX1-aIh3cjAAAHDc","remote_address":"194.165.34.247","remote_port":49604,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test.php HTTP/2.0","headers":{"Content-Length":"26059","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.nl","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Ch1%3E%0D%0A%09%09Conditions+and+Terms%3C%2Fh1%3E%0D%0A%09%09CONTENTS%3Cbr+%2F%3E%0D%0A%09%09Article+1+-+Definitions%3Cbr+%2F%3E%0D%0A%09%09Article+2+-+The+Entrepreneur%E2%80%99s+identity%3Cbr+%2F%3E%0D%0A%09%09Article+3+-+Applicability%3Cbr+%2F%3E%0D%0A%09%09Article+4+-+The+offer%3Cbr+%2F%3E%0D%0A%09%09Article+5+-+The+agreement%3Cbr+%2F%3E%0D%0A%09%09Article+6+-+Right+of+withdrawal%3Cbr+%2F%3E%0D%0A%09%09Article+7+-+Consumer%E2%80%99s+obligations+during+the+reflection+period%3Cbr+%2F%3E%0D%0A%09%09Article+8+-+Exercising+the+Consumer%E2%80%99s+right+of+withdrawal+and+the+costs%3Cbr+%2F%3E%0D%0A%09%09Article+9+-+Entrepreneur%E2%80%99s+obligation+in+case+of+withdrawal%3Cbr+%2F%3E%0D%0A%09%09Article+10+-+The+price%3Cbr+%2F%3E%0D%0A%09%09Article+11+-+Performance+of+an+agreement+and+extra+guaranty%3Cbr+%2F%3E%0D%0A%09%09Article+12+-+Delivery+and+execution%3Cbr+%2F%3E%0D%0A%09%09Article+13+-+Payment%3Cbr+%2F%3E%0D%0A%09%09Article+14+-+Complaints+procedure%3Cbr
+%2F%3E%0D%0A%09%09Article+15+-+Disputes%3Cbr+%2F%3E%0D%0A%09%09Article+16+-+Amendment+to+the+General+Terms+and+Conditions+%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+1+%E2%80%93+Definitions%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%09In+these+Terms+and+Conditions%2C+the+following+terms+shall+have+the+following%3Cbr+%2F%3E%0D%0A%09%09meanings%3A%3Cbr+%2F%3E%0D%0A%09%091.+Additional+agreement%3A+an+agreement+in+which+the+Consumer+acquires%3Cbr+%2F%3E%0D%0A%09%09products+with+respect+to+an+agreement+and+these+goods%2C+are+delivered+%3Cbr+%2F%3E%0D%0A%09%09by+the+Entrepreneur+or+a+third+party+on+the+basis+of+an+arrangement+between+this%3Cbr+%2F%3E%0D%0A%09%09third+party+and+the+Entrepreneur%3B%3Cbr+%2F%3E%0D%0A%09%092.+Reflection+period%3A+the+period+during+which+the+Consumer+may+use+his%3Cbr+%2F%3E%0D%0A%09%09right+of+withdrawal%3B%3Cbr+%2F%3E%0D%0A%09%093.+Consumer%3A+the+natural+person+who+does+not+act+for+purposes+related+to%3Cbr+%2F%3E%0D%0A%09%09his%2Fher+commercial%2C+trade%2C+craft+or+professional+activities+or+the+%28natural%29+person+who+acts+%3Cbr+%2F%3E%0D%0A%09%09for+purposes+related+to+his%2Fher+commercial%2C+trade%2C+craft+or+professional+activities%3B%3Cbr+%2F%3E%0D%0A%09%094.+Day%3A+calendar+day%3B%3Cbr+%2F%3E%0D%0A%09%095.+Continuing+performance+contract%3A+a+contract+serving+to+deliver+goods+in+a+given+period%3B%3Cbr+%2F%3E%0D%0A%09%096.+Sustainable+data+carrier%3A+any+means%2C+including+email%2C+that+allow+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+or+the+Entrepreneur+to+store+information+directed+to+him%2Fher%3Cbr+%2F%3E%0D%0A%09%09personally+in+such+a+manner+that+makes+future+consultation+and+use+possible%3Cbr+%2F%3E%0D%0A%09%09during+a+period+that+matches+the+purpose+for+which+the+information+is%3Cbr+%2F%3E%0D%0A%09%09destined+and+which+makes+unaltered+reproduction+of+the+stored+information%3Cbr+%2F%3E%0D%0A%09%09possible.%3Cbr+%2F%3E%0D%0A%09%097.+Right+of+withdrawal%3A+the+Consumer%E2%80%99s+option+not+to+proceed+with+the+agreement+w
ithin+%3Cbr+%2F%3E%0D%0A%09%09the+cooling-off+period%3B%3Cbr+%2F%3E%0D%0A%09%098.+Entrepreneur%3A+The+VAT+Consultancy+Firm+B.V.%3B%3Cbr+%2F%3E%0D%0A%09%099.+Contract%3A+a+contract+concluded+by+the+Entrepreneur+and+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+within+the+scope+of+an+organised+system+for+selling+products%2C+whereby+%3Cbr+%2F%3E%0D%0A%09%09exclusive+or+additional+use+is+made+of+one+or+more+technologies+of+distance+communication+%3Cbr+%2F%3E%0D%0A%09%09up+to+the+conclusion+of+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%0910.+Technology+for+distance+communication%3A+a+means+to+be+used+for%3Cbr+%2F%3E%0D%0A%09%09concluding+an+agreement+without+the+Consumer+and+the+Entrepreneur+being%3Cbr+%2F%3E%0D%0A%09%09together+in+the+same+place+at+the+same+time.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+2+%E2%80%93+The+Entrepreneur%E2%80%99s+identity%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%09Name+of+Entrepreneur%3A+The+VAT+Consultancy+Firm+B.V.%3Cbr+%2F%3E%0D%0A%09%09Business+address%3A+Hoofdgracht+61%2C+1411+LB+Naarden%3Cbr+%2F%3E%0D%0A%09%09Telephone+number%3A+%2B31+%280%29+35+694+01+26+%3Cbr+%2F%3E%0D%0A%09%09Email+address%3A+info%40europeanvathandbook.com%3Cbr+%2F%3E%0D%0A%09%09Chamber+of+Commerce+number%3A+69153124%3Cbr+%2F%3E%0D%0A%09%09VAT+identification+number+NL857756060B01%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+3+%E2%80%93+Applicability%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+These+General+Terms+and+Conditions+apply+to+any+offer+from+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09and+to+any+contract+concluded+by+the+Entrepreneur+and+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%092.+Before+concluding+a+contract%2C+the+Entrepreneur+shall+make+the+text+of%3Cbr+%2F%3E%0D%0A%09%09these+General+Terms+and+Conditions+available+free+of+charge+and+as+soon+as%3Cbr+%2F%3E%0D%0A%09%09possible.+If+this+is+reasonably+impossible%2C+the+Entrepreneur+shall+indicate+in%3Cbr+%2F%3E%0D%0A%09%09what+way+the+General+Terms+and+conditions+can+be+inspected+and+that+th
ey%3Cbr+%2F%3E%0D%0A%09%09will+be+sent+free+of+charge+if+so+requested%2C+before+the+contract+is+concluded.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+contract+is+concluded+electronically%2C+the+text+of+these+General%3Cbr+%2F%3E%0D%0A%09%09Terms+and+Conditions%2C+in+deviation+from+the+previous+section+and+before+the%3Cbr+%2F%3E%0D%0A%09%09contract+is+concluded%2C+may+also+be+supplied+to+the+Consumer%3Cbr+%2F%3E%0D%0A%09%09electronically+in+such+a+way+that+the+Consumer+can+easily+store+it+on+a+longterm%3Cbr+%2F%3E%0D%0A%09%09data+carrier.+If+this+is+reasonably+impossible%2C+it+will+be+specified+where%3Cbr+%2F%3E%0D%0A%09%09the+General+Terms+and+Conditions+can+be+viewed+electronically+and+that+they%3Cbr+%2F%3E%0D%0A%09%09will+be+sent+to+at+the+Consumer%C2%B4s+request+free+of+charge%2C+either+via%3Cbr+%2F%3E%0D%0A%09%09electronic+means+or+otherwise%2C+before+concluding+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%094.+In+the+event+that+specific+product+or+service+condition+apply+in+addition+to%3Cbr+%2F%3E%0D%0A%09%09these+General+Terms+and+Conditions%2C+the+second+and+third+paragraphs+shall%3Cbr+%2F%3E%0D%0A%09%09apply+accordingly%2C+and+in+the+event+of+contradictory+terms+and+conditions%2C+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+may+always+appeal+to+the+applicable+provision+that+is+most%3Cbr+%2F%3E%0D%0A%09%09favourable+to+him%2Fher.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+4+%E2%80%93+The+offer%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+an+offer+is+of+limited+duration+or+if+certain+conditions+apply%2C+it+shall+be%3Cbr+%2F%3E%0D%0A%09%09explicitly+stated+in+the+offer.%3Cbr+%2F%3E%0D%0A%09%092.+The+offer+contains+a+full+and+accurate+description+of+the+products+offered.+%3Cbr+%2F%3E%0D%0A%09%09The+description+is+suitably+detailed+to+enable+the+Consumer+to+assess+the+%3Cbr+%2F%3E%0D%0A%09%09products+adequately.+If+the+Entrepreneur+makes+use+of+pictures%2C+they+are+truthful+%3Cbr+%2F%3E%0D%0A%09%09images+of+the+products+and%2For+services+provided.+%3Cbr+%2F%3E%0D%0A%0
9%09Obvious+errors+or+mistakes+in+the+offer+do+not+bind+the+Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%093.+All+offers+contain+such+information+that+it+is+clear+to+the+Consumer+what+rights%3Cbr+%2F%3E%0D%0A%09%09and+obligations+are+attached+to+accepting+the+offer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+5+%E2%80%93+The+contract%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Subject+to+the+provisions+in+paragraph+4%2C+the+contract+becomes+valid+when+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+has+accepted+the+offer+and+fulfilled+the+terms+and+conditions+set.%3Cbr+%2F%3E%0D%0A%09%092.+If+the+Consumer+accepted+the+offer+via+electronic+means%2C+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09shall+confirm+receipt+of+having+accepted+the+offer+via+electronic+means+within+%3Cbr+%2F%3E%0D%0A%09%09reasonable+time.+As+long+as+the+receipt+of+said+acceptance+has+not+been+%3Cbr+%2F%3E%0D%0A%09%09confirmed%2C+the+Consumer+may+repudiate+the+contract.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+contract+is+concluded+electronically%2C+the+Entrepreneur+will+take%3Cbr+%2F%3E%0D%0A%09%09appropriate+technical+and+organisational+security+measures+for+the+electronic%3Cbr+%2F%3E%0D%0A%09%09data+transfer+and+ensure+a+safe+web+environment.+If+the+Consumer+can+pay%3Cbr+%2F%3E%0D%0A%09%09electronically%2C+the+Entrepreneur+shall+observe+appropriate+security+measures.%3Cbr+%2F%3E%0D%0A%09%094.+The+Entrepreneur+may%2C+within+the+limits+of+the+law%2C+gather+information+about%3Cbr+%2F%3E%0D%0A%09%09Consumer%E2%80%99s+ability+to+fulfil+his+payment+obligations%2C+and+all+facts+and+factors%3Cbr+%2F%3E%0D%0A%09%09relevant+to+responsibly+concluding+the+contract.+If%2C+acting+on+the%3Cbr+%2F%3E%0D%0A%09%09results+of+this+investigation%2C+the+Entrepreneur+has+sound+reasons+for+not%3Cbr+%2F%3E%0D%0A%09%09concluding+the+contract%2C+he+is+lawfully+entitled+to+refuse+an+order+or+request%3Cbr+%2F%3E%0D%0A%09%09supported+by+reasons%2C+or+to+attach+special+terms+to+the+implementation.%3Cbr+%2F%3E%0D%0A%09%095.+Before+deliveri
ng+the+product%2C+the+Entrepreneur+shall+send+the+following%3Cbr+%2F%3E%0D%0A%09%09information+along+with+the+product+in+writing%3A%3Cbr+%2F%3E%0D%0A%09%09a.+the+conditions+on+which+and+the+manner+in+which+the+Consumer+may%3Cbr+%2F%3E%0D%0A%09%09exercise+the+right+of+withdrawal%2C+or%2C+as+the+case+may+be%2C+clear+information%3Cbr+%2F%3E%0D%0A%09%09about+his+being+exempted+from+the+right+of+withdrawal%3B%3Cbr+%2F%3E%0D%0A%09%09b.+The+price+excluding+all+taxes+of+the+product%2C+where+applicable+the+delivery+%3Cbr+%2F%3E%0D%0A%09%09costs+and+the+way+of+payment%2C+delivery+or+implementation+of+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+6+%E2%80%93+Right+of+withdrawal%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Consumer+can+repudiate+a+purchase+contract+for+a+product+without+giving%3Cbr+%2F%3E%0D%0A%09%09reasons+for+a+period+of+reflection+of+at+least+7+days.+The+Entrepreneur+may%3Cbr+%2F%3E%0D%0A%09%09ask+the+Consumer+about+the+reason+for+the+withdrawal+but+cannot+force%3Cbr+%2F%3E%0D%0A%09%09him+to+state+his+reason%28s%29.%3Cbr+%2F%3E%0D%0A%09%092.+The+reflection+period+referred+to+in+sub-clause+1+starts+on+the+day+the+product%3Cbr+%2F%3E%0D%0A%09%09is+received+by+the+Consumer+or+by+a+third+party+appointed+by+him+in+advance%3Cbr+%2F%3E%0D%0A%09%09and+who+is+not+the+carrier%2C+or%3Cbr+%2F%3E%0D%0A%09%09a.+if+the+Consumer+ordered+several+products+in+the+same+order%3A+the+day+on%3Cbr+%2F%3E%0D%0A%09%09which+the+Consumer+or+a+third+party+appointed+by+him+received+the%3Cbr+%2F%3E%0D%0A%09%09last+product.+The+Entrepreneur+may+refuse+an+order+of+several+products+with+%3Cbr+%2F%3E%0D%0A%09%09different+delivery+dates+provided+that+he+clearly+informs+the+Consumer+prior+to+%3Cbr+%2F%3E%0D%0A%09%09the+order+process.%3Cbr+%2F%3E%0D%0A%09%09b.+in+case+of+an+agreement+about+regular+delivery+of+products+during+a%3Cbr+%2F%3E%0D%0A%09%09given+period%3A+the+day+on+which+the+Consumer+or+a+third+party+appointed%3Cbr+%2F%3E%0D%0A%09%09by+him+received
+the+first+product.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+Entrepreneur+provided+the+Consumer+with+the+information+referred%3Cbr+%2F%3E%0D%0A%09%09to+in+the+previous+article+within+twelve+months+after+the+starting+day+of+the%3Cbr+%2F%3E%0D%0A%09%09original+period+of+reflection%2C+the+period+of+reflection+expires+7+day+after+the%3Cbr+%2F%3E%0D%0A%09%09day+on+which+the+Consumer+received+the+information.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+7+%E2%80%93+Consumer%E2%80%99s+obligations+during+the+time+of+reflection%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+During+this+period%2C+the+Consumer+shall+handle+the+product+and+the+packaging%3Cbr+%2F%3E%0D%0A%09%09with+care.+The+Consumer+shall+only+unpack+or+use+the+product+to+the+extent%3Cbr+%2F%3E%0D%0A%09%09necessary+for+establishing+the+nature%2C+the+characteristics+and+the+effect+of+the%3Cbr+%2F%3E%0D%0A%09%09product.+The+guiding+principle+is+that+the+Consumer+may+only+handle+and%3Cbr+%2F%3E%0D%0A%09%09inspect+the+product+in+the+manner+in+which+one+is+allowed+to+handle+a+product%3Cbr+%2F%3E%0D%0A%09%09in+a+shop.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+is+only+liable+for+the+decrease+in+value+of+the+product+that+is%3Cbr+%2F%3E%0D%0A%09%09caused+by+the+way+of+handling+the+product+which+went+further+than%3Cbr+%2F%3E%0D%0A%09%09allowed+in+sub-section+1.%3Cbr+%2F%3E%0D%0A%09%093.+The+Consumer+is+not+liable+for+the+decrease+in+value+of+the+product+if+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+has+not+provided+him+with+all+legal+information+about+the+right+of%3Cbr+%2F%3E%0D%0A%09%09withdrawal+before+concluding+the+Agreement.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+8+%E2%80%93+Exercising+the+Consumer%E2%80%99s+right+of+withdrawal+and+the+costs%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+the+Consumer+exercises+his+right+of+withdrawal+he+shall+notify+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+unambiguously+within+the+period+of+reflection.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+shall+return+the
+product+or+deliver+it+to+%28the+authorized%3Cbr+%2F%3E%0D%0A%09%09representative+of%29+the+Entrepreneur+as+soon+as+possible+but+within+14+days%3Cbr+%2F%3E%0D%0A%09%09counting+from+the+day+following+the+notification+referred+to+in+sub-clause+1.%3Cbr+%2F%3E%0D%0A%09%09The+Consumer+observed+the+period+of+returning+the+product+in+any+event+if+the%3Cbr+%2F%3E%0D%0A%09%09product+is+returned+before+the+expiration+of+the+period+of+reflection.%3Cbr+%2F%3E%0D%0A%09%093.+The+Consumer+shall+return+the+product+and+if+reasonably+possible+in+the+%3Cbr+%2F%3E%0D%0A%09%09original+state+and+packing+and+in+conformity+with+reasonable+and+clear+instructions+%3Cbr+%2F%3E%0D%0A%09%09given+by+the+Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%094.+The+risk+and+the+burden+of+proof+for+the+correct+and+timely+exercise+of+the%3Cbr+%2F%3E%0D%0A%09%09right+of+withdrawal+fall+on+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%095.+The+Consumer+shall+bear+the+direct+costs+of+returning+the+product.+%3Cbr+%2F%3E%0D%0A%09%096.+If+the+Consumer+exercises+his+right+of+withdrawal%2C+all+additional+agreements%3Cbr+%2F%3E%0D%0A%09%09end+by+operation+of+law.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+9+%E2%80%93+Entrepreneur%E2%80%99s+obligations+in+case+of+withdrawal%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+the+Entrepreneur+makes+the+notification+of+withdrawal+by+electronic+means%3Cbr+%2F%3E%0D%0A%09%09possible%2C+he+shall+send+a+return+receipt+within+seven+%287%29+days.%3Cbr+%2F%3E%0D%0A%09%092.+The+Entrepreneur+shall+reimburse+all+payments+made+by+the+Consumer%2C%3Cbr+%2F%3E%0D%0A%09%09excluding+any+delivery+costs+that+the+Consumer+may+charge+for+the+returned%3Cbr+%2F%3E%0D%0A%09%09product%2C+as+soon+as+possible+but+within+14+days+following+the+day+on+which%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+notified+him+of+the+withdrawal.+Unless+the+Entrepreneur+offers%3Cbr+%2F%3E%0D%0A%09%09to+collect+the+product+himself%2C+he+can+wait+with+paying+back+until+having%3Cbr+%2F%3E%0D%0A%09%09received+the+product+or+unt
il+the+Consumer+proved+that+he+returned+the%3Cbr+%2F%3E%0D%0A%09%09product%2C+whichever+occurs+first.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+10+-+The+price%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+prices+of+the+products+and%2For+services+provided+shall+not+be+raised+during%3Cbr+%2F%3E%0D%0A%09%09the+validity+period+given+in+the+offer.%3Cbr+%2F%3E%0D%0A%09%092.+Price+increases+within+3+months+after+concluding+the+contract+are+permitted%3Cbr+%2F%3E%0D%0A%09%09only+if+they+are+the+result+of+new+legislation.%3Cbr+%2F%3E%0D%0A%09%093.+Price+increases+from+3+months+after+concluding+the+contract+are+permitted%3Cbr+%2F%3E%0D%0A%09%09only+if+the+Entrepreneur+has+stipulated+it+and%3Cbr+%2F%3E%0D%0A%09%09a.+they+are+the+result+of+legal+regulations+or+stipulations%2C+or%3Cbr+%2F%3E%0D%0A%09%09b.+the+Consumer+has+the+authority+to+cancel+the+contract+before+the+day+on%3Cbr+%2F%3E%0D%0A%09%09which+the+price+increase+starts.%3Cbr+%2F%3E%0D%0A%09%094.+All+prices+indicated+in+the+provision+of+products+or+services+are+excluding+VAT.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+11+%E2%80%93+Performance+of+an+agreement+and+extra+Guarantee%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+guarantees+that+the+products+comply+with%3Cbr+%2F%3E%0D%0A%09%09the+contract%2C+with+the+specifications+listed+in+the+offer%2C+with+reasonable%3Cbr+%2F%3E%0D%0A%09%09requirements+of+usability+and%2For+reliability+and+with+the+existing+statutory%3Cbr+%2F%3E%0D%0A%09%09provisions+and%2For+government+regulations+on+the+day+the+contract+was%3Cbr+%2F%3E%0D%0A%09%09concluded.+%3Cbr+%2F%3E%0D%0A%09%092.+An+extra+guarantee+offered+by+the+Entrepreneur%2C+his+Supplier%2C+Manufacturer+or%3Cbr+%2F%3E%0D%0A%09%09Importer+shall+never+affect+the+rights+and+claims+the+Consumer+may+exercise%3Cbr+%2F%3E%0D%0A%09%09against+the+Entrepreneur+about+a+failure+in+the+fulfilment+of+the+Entrepreneur%E2%80%99s%3Cbr+%2F%3E%0D%0A%09%09obligations+if+the+Entrepreneur+has+
failed+in+the+fulfilment+of+his+part+of+the%3Cbr+%2F%3E%0D%0A%09%09agreement.%3Cbr+%2F%3E%0D%0A%09%093.+%E2%80%98Extra+guarantee%E2%80%99+is+taken+to+mean+each+obligation+by+the+Entrepreneur%2C+his%3Cbr+%2F%3E%0D%0A%09%09Supplier%2C+Importer+or+Manufacturer+in+whom+he+assigns+certain+rights+or%3Cbr+%2F%3E%0D%0A%09%09claims+to+the+Consumer+that+go+further+than+he+is+legally+required+in+case+he%3Cbr+%2F%3E%0D%0A%09%09fails+in+the+compliance+with+his+part+of+the+agreement.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+12+%E2%80%93+Delivery+and+execution%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+shall+exercise+the+best+possible+care+when+booking+orders%3Cbr+%2F%3E%0D%0A%09%09and+executing+product+orders.+%3Cbr+%2F%3E%0D%0A%09%092.+The+place+of+delivery+is+at+the+address+given+by+the+Consumer+to+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%093.+With+due+observance+of+the+stipulations+in+Article+4+of+these+General+Terms%3Cbr+%2F%3E%0D%0A%09%09and+Conditions%2C+the+Entrepreneur+shall+execute+accepted+orders+with%3Cbr+%2F%3E%0D%0A%09%09convenient+speed+but+at+least+within+30+days%2C+unless+another+delivery+period%3Cbr+%2F%3E%0D%0A%09%09was+agreed+on.+If+the+delivery+has+been+delayed%2C+or+if+an+order+cannot+be%3Cbr+%2F%3E%0D%0A%09%09filled+or+can+be+filled+only+partially%2C+the+Consumer+shall+be+informed+about+this%3Cbr+%2F%3E%0D%0A%09%09within+one+month+after+ordering.+%3Cbr+%2F%3E%0D%0A%09%094.+The+risk+of+loss+and%2For+damage+to+products+will+be+borne+by+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09until+the+time+of+delivery+to+the+Consumer+or+a+representative+appointed+in%3Cbr+%2F%3E%0D%0A%09%09advance+and+made+known+to+the+Consumer%2C+unless+explicitly+agreed%3Cbr+%2F%3E%0D%0A%09%09otherwise.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+13+%E2%80%93+Payment%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Unless+otherwise+stipulated+in+the+agreement+or+in+the+additional+conditions%2C%3Cbr+%2F%3E%0D%0A%09%09
the+amounts+to+be+paid+by+the+Consumer+must+be+settled+within+7+days+after%3Cbr+%2F%3E%0D%0A%09%09the+period+of+reflection%2C+or+if+there+is+no+period+of+reflection+within+7+days%3Cbr+%2F%3E%0D%0A%09%09after+concluding+the+agreement.+In+case+of+an+agreement+to+provide+a+service%2C%3Cbr+%2F%3E%0D%0A%09%09this+period+starts+on+the+day+that+the+Consumer+received+the+confirmation+of%3Cbr+%2F%3E%0D%0A%09%09the+agreement.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+has+the+duty+to+inform+the+Entrepreneur+promptly+of+possible%3Cbr+%2F%3E%0D%0A%09%09inaccuracies+in+the+payment+details+that+were+given+or+specified.%3Cbr+%2F%3E%0D%0A%09%093.+In+case+the+Consumer+has+not+complied+with+his+payment+obligation%28s%29+in%3Cbr+%2F%3E%0D%0A%09%09time%2C+and+the+Entrepreneur+has+pointed+out+to+him+that+the+payment+was+late%3Cbr+%2F%3E%0D%0A%09%09and+allowed+the+Consumer+a+period+of+14+days+to+comply+with+the+payment%3Cbr+%2F%3E%0D%0A%09%09obligations%2C+the+Consumer+is+to+pay+the+statutory+interest+on+the+amount%3Cbr+%2F%3E%0D%0A%09%09payable+and+the+Entrepreneur+is+entitled+to+charge+the+Consumer+with+any%3Cbr+%2F%3E%0D%0A%09%09extrajudicial+collection+costs.+These+extrajudicial+collection+costs+amount+to+no%3Cbr+%2F%3E%0D%0A%09%09more+than+15%25+for+outstanding+amounts+up+to+%E2%82%AC+2%2C500%2C+10%25+for+the+following%3Cbr+%2F%3E%0D%0A%09%09%E2%82%AC+2%2C500+and+5%25+for+the+following+%E2%82%AC+5000%2C+with+a+minimum+of+%E2%82%AC+40.+The%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+may+deviate+from+the+aforementioned+amounts+and+percentages%3Cbr+%2F%3E%0D%0A%09%09in+favour+of+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+14+%E2%80%93+Complaints+procedure%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+shall+have+a+sufficiently+notified+complaints+procedure+in%3Cbr+%2F%3E%0D%0A%09%09place%2C+and+shall+handle+the+complaint+in+accordance+with+this+complaint%3Cbr+%2F%3E%0D%0A%09%09procedure.%3Cbr+%2F%3E%0D%0A%09%092.+Complaints+about+the+performance+of+t
he+contract+shall+be+submitted+fully+and%3Cbr+%2F%3E%0D%0A%09%09clearly+described+to+the+Entrepreneur+within+a+reasonable+time+after+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+discovered+the+defects%3Cbr+%2F%3E%0D%0A%09%093.+The+complaints+submitted+to+the+Entrepreneur+shall+be+replied+within+a+period%3Cbr+%2F%3E%0D%0A%09%09of+30+days+after+the+date+of+receipt.+Should+a+complaint+require+a+foreseeable%3Cbr+%2F%3E%0D%0A%09%09longer+time+for+handling%2C+the+Entrepreneur+shall+respond+within+30+days+with+a%3Cbr+%2F%3E%0D%0A%09%09notice+of+receipt+and+an+indication+when+the+Consumer+can+expect+a+more%3Cbr+%2F%3E%0D%0A%09%09detailed+reply.%3Cbr+%2F%3E%0D%0A%09%094.+If+the+complaint+cannot+be+solved+in+joint+consultation+within+a+reasonable%3Cbr+%2F%3E%0D%0A%09%09time+or+within+3+months+after+submitting+the+complaint%2C+there+will+be+a+dispute%3Cbr+%2F%3E%0D%0A%09%09that+is+open+to+the+dispute+settlement+rules.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+15+-+Disputes%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Contracts+between+the+Entrepreneur+and+the+Consumer+to+which+these%3Cbr+%2F%3E%0D%0A%09%09General+Terms+and+Conditions+apply%2C+are+exclusively+governed+by+Dutch+law.%3Cbr+%2F%3E%0D%0A%09%092.+With+due+observance+of+the+provisions+set+out+below%2C+the+disputes+between%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+and+the+Entrepreneur+about+the+formation+or+the+performance%3Cbr+%2F%3E%0D%0A%09%09of+contracts+related+to+products+or+services+that+the+Entrepreneur+must+deliver%3Cbr+%2F%3E%0D%0A%09%09or+has+already+delivered+can+be+submitted+by+both+the+Consumer+and+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+to+Geschillencommissie+Webshop%2C+Postbus+90600%2C+2509+LP%2C%3Cbr+%2F%3E%0D%0A%09%09The+Hague+%28Den+Haag%29+%28www.sgc.nl%29.%3Cbr+%2F%3E%0D%0A%09%093.+A+dispute+is+handled+by+the+Disputes+Committee+%5BGeschillencommissie%5D+only+if%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+submitted+his%2Fher+complaint+to+the+Entrepreneur+within+a%3Cbr+%2F%3E%0D%0A%09%09reasonable+peri
od.%3Cbr+%2F%3E%0D%0A%09%094.+The+dispute+must+have+been+submitted+in+writing+to+the+Geschillencommissie%3Cbr+%2F%3E%0D%0A%09%09Webshop+within+three+months+after+arising+of+the+dispute.%3Cbr+%2F%3E%0D%0A%09%095.+If+the+Consumer+wishes+to+submit+a+dispute+to+the+Geschillencommissie%2C+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+is+bound+by+this+choice.+When+the+Entrepreneur+wishes+to+file%3Cbr+%2F%3E%0D%0A%09%09the+dispute+to+the+Geschillencommissie%2C+the+Consumer+must+speak+out+in%3Cbr+%2F%3E%0D%0A%09%09writing+within+five+weeks+after+a+written+request+made+by+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09whether+he+so+desires+or+wants+the+dispute+to+be+dealt+with+by+the+competent%3Cbr+%2F%3E%0D%0A%09%09court.+If+the+Entrepreneur+has+not+heard+of+the+Consumer%E2%80%99s+option+within+the%3Cbr+%2F%3E%0D%0A%09%09period+of+five+weeks%2C+the+Entrepreneur+is+entitled+to+submit+the+dispute+to+the%3Cbr+%2F%3E%0D%0A%09%09competent+court.%3Cbr+%2F%3E%0D%0A%09%096.+The+Geschillencommissie%E2%80%99s+decision+will+be+made+under+the+conditions+as+set%3Cbr+%2F%3E%0D%0A%09%09out+in+the+rules+of+the+Arbitration+Commission%3Cbr+%2F%3E%0D%0A%09%09%28http%3A%2F%2Fwww.degeschillencommissie.nl%2Fover-onss%2Fdecommissies%2F2701%2Fwebshop%29.%3Cbr+%2F%3E%0D%0A%09%09A+decision+made+by+the+Geschillencommissie+is+a+binding+advice.%3Cbr+%2F%3E%0D%0A%09%097.+The+Disputes+Committee+will+not+handle+a+dispute+or+will+discontinue+handling%3Cbr+%2F%3E%0D%0A%09%09it+if+the+Entrepreneur+is+granted+a+moratorium%2C+goes+bankrupt+or+actually%3Cbr+%2F%3E%0D%0A%09%09ended+his+business+activities+before+the+Commission+has+handled+a+dispute+at%3Cbr+%2F%3E%0D%0A%09%09the+hearing+and+delivered+a+final+award.%3Cbr+%2F%3E%0D%0A%09%098.+If+in+addition+to+the+Geschillencommissie+Webshop+another+disputes%3Cbr+%2F%3E%0D%0A%09%09committee+recognised+by+or+affiliated+with+the+Stichting+Geschillencommissies%3Cbr+%2F%3E%0D%0A%09%09voor+Consumentenzaken+%28SGC%29+%5BFoundation+for+Consumer+Complaints%3Cbr+%2F%3E%0D%0A%09%09Commit
tees%5D+or+the+Klachteninstituut+Financi%C3%ABle+Dienstverlening+%28Kifid%29%3Cbr+%2F%3E%0D%0A%09%09%5BFinancial+Services+Complaints+Board%5D+is+competent%2C+the+disputes+that+are%3Cbr+%2F%3E%0D%0A%09%09mainly+related+to+sales+methods+or+distance+services%2C+the%3Cbr+%2F%3E%0D%0A%09%09Geschillencommissie+Webshop+Keurmerk+is+preferably+competent%2C+and+for+all%3Cbr+%2F%3E%0D%0A%09%09other+disputes%2C+the+disputes+committee+recognised+by+and+affiliated+with+the%3Cbr+%2F%3E%0D%0A%09%09SGC+or+Kifid+is+competent.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+16+%E2%80%93+Amendments+to+the+General+Terms+and+Conditions+%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Amendments+to+these+Terms+and+Conditions+are+valid+only+after+being%3Cbr+%2F%3E%0D%0A%09%09published+in+the+appropriate+way%2C+provided+that+in+case+of+appropriate%3Cbr+%2F%3E%0D%0A%09%09amendments%2C+the+provision+that+is+most+favourable+for+the+Consumer+shall%3Cbr+%2F%3E%0D%0A%09%09prevail+during+the+validity+of+an+offer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"(?i:[ ()]case ?\\\\(|\\\\) ?like ?\\\\(|\\\\bhaving ?[^\\\\s]+ ?[^\\\\w ]|\\\\bif ?\\\\([\\\\d\\\\w] ?[=<>~])\" at MATCHED_VAR. 
[file \"/usr/local/cwaf/rules/22_SQL_SQLi.conf\"] [line \"33\"] [id \"211700\"] [rev \"8\"] [msg \"COMODO WAF: Detects conditional SQL injection attempts||cms.fedon.nl|F|2\"] [data \"Matched Data: case found within MATCHED_VAR:  <h1> Conditions and Terms</h1> CONTENTS<br /> Article 1 - Definitions<br /> Article 2 - The Entrepreneur\\xe2\\x80\\x99s identity<br /> Article 3 - Applicability<br /> Article 4 - The offer<br /> Article 5 - The agreement<br /> Article 6 - Right of withdrawal<br /> Article 7 - Consumer\\xe2\\x80\\x99s obligations during the reflection period<br /> Article 8 - Exercising the Consumer\\xe2\\x80\\x99s right of withdrawal and the costs<br /> Article 9 - Entrepreneur\\xe2\\x...\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"SQLi\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"(?i:[ ()]case ?\\\\(|\\\\) ?like ?\\\\(|\\\\bhaving ?[^\\\\s]+ ?[^\\\\w ]|\\\\bif ?\\\\([\\\\d\\\\w] ?[=<>~])\" at MATCHED_VAR."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":591,"p2":184968,"p3":0,"p4":0,"p5":13,"sr":154,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
212340
Code:
{"transaction":{"time":"08/Dec/2020:11:54:03 +0100","transaction_id":"X89bS55hERMEmWIIEbVxLgAAnAg","remote_address":"194.165.34.247","remote_port":52487,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test2.php HTTP/2.0","headers":{"Content-Length":"795","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.n ","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test2.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Cscript%3E%0D%0A%09%09%28function%28i%2Cs%2Co%2Cg%2Cr%2Ca%2Cm%29%7Bi%5B%27GoogleAnalyticsObject%27%5D%3Dr%3Bi%5Br%5D%3Di%5Br%5D%7C%7Cfunction%28%29%7B%0D%0A%09%09%28i%5Br%5D.q%3Di%5Br%5D.q%7C%7C%5B%5D%29.push%28arguments%29%7D%2Ci%5Br%5D.l%3D1*new+Date%28%29%3Ba%3Ds.createElement%28o%29%2C%0D%0A%09%09m%3Ds.getElementsByTagName%28o%29%5B0%5D%3Ba.async%3D1%3Ba.src%3Dg%3Bm.parentNode.insertBefore%28a%2Cm%29%0D%0A%09%09%7D%29%28window%2Cdocument%2C%27script%27%2C%27%2F%2Fwww.google-analytics.com%2Fanalytics.js%27%2C%27ga%27%29%3B%0D%0A%0D%0A%09%09ga%28%27create%27%2C+%27UA-53097816-1%27%2C+%27auto%27%29%3B%0D%0A%09%09ga%28%27set%27%2C+%27anonymizeIp%27%2C+true%29%3B%0D%0A%09%09ga%28%27send%27%2C+%27pageview%27%29%3B%0D%0A%0D%0A%09%09%3C%2Fscript%3E%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; 
charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Matched phrase \".parentnode\" at ARGS:fiets. [file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"56\"] [id \"212340\"] [rev \"4\"] [msg \"COMODO WAF: Cross-site Scripting (XSS) Attack||cms.fedon.nl|F|2\"] [data \"Matched Data: .parentnode found within ARGS:fiets:  <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-53097816-1', 'auto'); ga('set', 'anonymizeIp', true); ga('send', 'pageview'); </script> \"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Matched phrase \".parentnode\" at ARGS:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":691,"p2":1263,"p3":0,"p4":0,"p5":7,"sr":190,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
212740
Code:
{"transaction":{"time":"08/Dec/2020:11:57:20 +0100","transaction_id":"X89cEFx7dXpuEVi6OBbiXAAAKA4","remote_address":"194.165.34.247","remote_port":52551,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test3.php HTTP/2.0","headers":{"Content-Length":"2141","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.nl","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test3.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Ctitle%3E%25onderwerp%25%3C%2Ftitle%3E+%3Cmeta+content%3D%22text%2Fhtml%3B+charset%3Diso-8859-1%22+http-equiv%3D%22Content-Type%22+%2F%3E%0D%0A%09%09%09%3Ccenter%3E%0D%0A%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Fwww.mollenshop.com%2F%22%3E%3Cimg+alt%3D%22%22+border%3D%220%22+src%3D%22https%3A%2F%2Fmollenshop.com%2Fimages%2Flogo.png%22+%2F%3E%3C%2Fa%3E+%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09Tekst+hier%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%
0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09%25nieuwsbriefafmeldlink%25+%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cb%3ESchreuder+E-Commerce%3C%2Fb%3E%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Sterrenlaan+7%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%092743+LW+Waddinxveen+%28Zuid-Holland%29%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09The+Netherlands%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Telefoon%3A+%2B31+%280%29182-756629%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09E-mail%3A+info%40schreuder-e-commerce.com%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%0A%09%09%09%3C%2Fcenter%3E%0D%0A%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash\" at ARGS_POST:fiets. 
[file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"69\"] [id \"212740\"] [rev \"6\"] [msg \"COMODO WAF: XSS Attack Detected||cms.fedon.nl|F|2\"] [data \"Matched Data: text/html; found within ARGS_POST:fiets: <title>%onderwerp%</title><metacontent=\\x22text/html;charset=iso-8859-1\\x22http-equiv=\\x22content-type\\x22/><center><ahref=\\x22https://www.mollenshop.com/\\x22><imgalt=\\x22\\x22border=\\x220\\x22src=\\x22https://mollenshop.com/images/logo.png\\x22/></a><br/><br/><br/><tablealign=\\x22center\\x22cellpadding=\\x220\\x22cellspacing=\\x220\\x22width=\\x22600\\x22><tbody><tr><tdstyle=\\x22border:1pxsolid\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash\" at ARGS_POST:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":498,"p2":1574,"p3":0,"p4":0,"p5":12,"sr":138,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
Any thoughts?

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: False-Positive report thread
« Reply #290 on: December 11, 2020, 05:13:18 PM »
Here are the logs (I've just changed the IP and real domain). All the following rules give false positives:

212740
212960
212970
213060


Code:
[Thu Dec 03 11:34:29.699355 2020] [:error] [pid 1153] [client 178.1.1.1:56908] [client 178.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||my.website.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8ixJXZWGtMnPrQQTL7fRQAAAAU"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:40:03.085246 2020] [:error] [pid 2831] [client 178.147.1.1:57054] [client 178.147.1.1] ModSecurity: Rule 7efebc3f0ba8 [id "-"][file "/usr/local/cwaf/rules/07_XSS_XSS.conf"][line "100"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:40:03.088583 2020] [:error] [pid 2831] [client 178.147.1.1:57054] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?http-equiv\\\\/{0,}?=\\\\/{0,}?[\\\\x22'`]{0,1}(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "125"] [id "212960"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||my.website.com|F|2"] [data "Matched Data: <metahttp-equiv=\\x22c found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyl..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:43:31.845674 2020] [:error] [pid 3080] [client 178.147.1.1:57121] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?charset\\\\/{0,}=" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "128"] [id "212970"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||my.website.com|F|2"] [data "Matched Data: <metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset= found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x2..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8izQyk3Rt35mfmJlmt8igAAAAM"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

Code:
[Thu Dec 03 11:44:57.057504 2020] [:error] [pid 3194] [client 178.147.1.1:57148] [client 178.147.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\\\bx(?:link:href|html|mlns)|!ENTITY\\\\b.*?\\\\b(?:SYSTEM|PUBLIC)|\\\\bdata:text\\\\/html))" at ARGS:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "173"] [id "213060"] [rev "5"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||my.website.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8izmFbKynWgc17n5X3QTAAAAAI"], referer: https://my.website.com/diaxirisi/configgeneral.php?nocache=kcwFgZpWGAmFjwz8

FPs will be fixed in the next rules release.
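Added example (not from the thread or the CWAF team): a small Python helper that reads ModSecurity 2.x error-log entries like the ones quoted above, counts denied requests per rule, parameter and URI, flags rule-execution errors separately, and drafts per-URI exclusions so the rules stay active everywhere else until the rules fix ships. The sample log lines are constructed from the entries in this thread (patterns shortened), and the custom rule id range is an assumption.

```python
"""Triage ModSecurity 2.x blocks (Apache error-log format) per rule, parameter
and URI, then draft narrowly scoped exclusions for confirmed false positives."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample, modelled on the entries quoted in the thread (patterns
# shortened; the masked host and IPs are the ones the poster used). The last
# line re-expresses the 211700 audit record from this thread in error-log form.
SAMPLE_LOG = """\
[Thu Dec 03 11:34:29.699355 2020] [:error] [pid 1153] [client 178.1.1.1:56908] ModSecurity: Access denied with code 403 (phase 2). Pattern match "text/html" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||my.website.com|F|2"] [severity "CRITICAL"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8ixJXZWGtMnPrQQTL7fRQAAAAU"]
[Thu Dec 03 11:40:03.085246 2020] [:error] [pid 2831] [client 178.147.1.1:57054] ModSecurity: Rule 7efebc3f0ba8 [id "-"][file "/usr/local/cwaf/rules/07_XSS_XSS.conf"][line "100"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"]
[Thu Dec 03 11:40:03.088583 2020] [:error] [pid 2831] [client 178.147.1.1:57054] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?http-equiv" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "125"] [id "212960"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||my.website.com|F|2"] [severity "CRITICAL"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8iycg-ghFgXNfQ4qS47cAAAAAk"]
[Thu Dec 03 11:44:57.057504 2020] [:error] [pid 3194] [client 178.147.1.1:57148] ModSecurity: Access denied with code 403 (phase 2). Pattern match "data:text/html" at ARGS:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "173"] [id "213060"] [rev "5"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||my.website.com|F|2"] [severity "CRITICAL"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "X8izmFbKynWgc17n5X3QTAAAAAI"]
[Thu Dec 03 11:50:00.000000 2020] [:error] [pid 3300] [client 178.147.1.1:57200] ModSecurity: Access denied with code 403 (phase 2). Pattern match "text/html" at ARGS_POST:emailglobalheader. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||my.website.com|F|2"] [severity "CRITICAL"] [hostname "my.website.com"] [uri "/diaxirisi/configgeneral.php"] [unique_id "CONSTRUCTED-0001"]
[Tue Dec 08 11:26:41.000000 2020] [:error] [pid 4100] [client 178.1.1.1:49604] ModSecurity: Access denied with code 403 (phase 2). Pattern match "case" at MATCHED_VAR. [file "/usr/local/cwaf/rules/22_SQL_SQLi.conf"] [line "33"] [id "211700"] [rev "8"] [msg "COMODO WAF: Detects conditional SQL injection attempts||cms.fedon.nl|F|2"] [severity "CRITICAL"] [hostname "cms.fedon.nl"] [uri "/test.php"] [unique_id "X89U4NGFViaeX1-aIh3cjAAAHDc"]
"""

KV_RE = re.compile(r'\[(id|msg|uri|hostname|file|line) "([^"]*)"\]')
TARGET_RE = re.compile(r' at (\S+?)\. \[file ')


def parse_modsec_line(line: str) -> Optional[Dict[str, object]]:
    """Split one ModSecurity error-log entry into its fields; None for other
    lines. Rule-execution errors (the PCRE limit entry above) carry rule_id
    '-' and denied=False, so they are never mistaken for a block."""
    if "ModSecurity: " not in line:
        return None
    fields = dict(KV_RE.findall(line))
    m = TARGET_RE.search(line)
    return {
        "rule_id": fields.get("id", "-"),
        "target": m.group(1) if m else "",  # e.g. ARGS_POST:emailglobalheader
        "uri": fields.get("uri", ""),
        "msg": fields.get("msg", ""),
        "denied": "Access denied" in line,
        "engine_error": "Execution error" in line,
    }


def summarise_blocks(log_text: str) -> Counter:
    """Count denied requests per (rule_id, target, uri): the granularity at
    which an exclusion should be scoped."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        ev = parse_modsec_line(line)
        if ev and ev["denied"] and ev["rule_id"] != "-":
            counts[(ev["rule_id"], ev["target"], ev["uri"])] += 1
    return counts


def engine_errors(log_text: str) -> List[str]:
    """Execution errors are reported separately: the rule never finished, so
    neither a match nor a clean pass can be read from that entry."""
    out: List[str] = []
    for line in log_text.splitlines():
        ev = parse_modsec_line(line)
        if ev and ev["engine_error"]:
            out.append(f'{ev["uri"]}: {line.split("ModSecurity: ", 1)[1]}')
    return out


def draft_exclusions(counts: Counter, first_id: int = 1000001) -> List[str]:
    """One phase-1 SecRule per URI that, for that URI only, drops the flagged
    parameter from each rule (ctl:ruleRemoveTargetById). When the log shows
    MATCHED_VAR (a chained rule, as with 211700) there is no parameter to
    remove, so that rule is switched off for the URI instead. The id range
    is an assumption; use one that is free on your server."""
    per_uri: Dict[str, List[str]] = {}
    for rule_id, target, uri in sorted(counts, key=lambda k: (k[2], k[0], k[1])):
        if target in ("", "MATCHED_VAR"):
            ctl = f"ctl:ruleRemoveById={rule_id}"
        else:
            ctl = f"ctl:ruleRemoveTargetById={rule_id};{target}"
        per_uri.setdefault(uri, []).append(ctl)
    rules: List[str] = []
    for n, (uri, ctls) in enumerate(per_uri.items(), start=first_id):
        rules.append(
            f'SecRule REQUEST_FILENAME "@streq {uri}" '
            f'"id:{n},phase:1,pass,nolog,t:none,{",".join(ctls)}"'
        )
    return rules


if __name__ == "__main__":
    blocks = summarise_blocks(SAMPLE_LOG)
    for key, n in sorted(blocks.items()):
        print(n, *key)
    for err in engine_errors(SAMPLE_LOG):
        print("engine error:", err)
    print("\n".join(draft_exclusions(blocks)))
```

The drafted SecRule lines belong in the custom-rules file your CWAF installation loads before the rule set (which file that is depends on the platform); verify each exclusion against the audit log after reloading Apache.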

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: False-Positive report thread
« Reply #291 on: December 11, 2020, 05:13:56 PM »
I'm suspecting a few false positives in certain rules:

Current rules version   1.232
CWAF plugin version   2.24.5

211700
Code:
{"transaction":{"time":"08/Dec/2020:11:26:41 +0100","transaction_id":"X89U4NGFViaeX1-aIh3cjAAAHDc","remote_address":"194.165.34.247","remote_port":49604,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test.php HTTP/2.0","headers":{"Content-Length":"26059","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.nl","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Ch1%3E%0D%0A%09%09Conditions+and+Terms%3C%2Fh1%3E%0D%0A%09%09CONTENTS%3Cbr+%2F%3E%0D%0A%09%09Article+1+-+Definitions%3Cbr+%2F%3E%0D%0A%09%09Article+2+-+The+Entrepreneur%E2%80%99s+identity%3Cbr+%2F%3E%0D%0A%09%09Article+3+-+Applicability%3Cbr+%2F%3E%0D%0A%09%09Article+4+-+The+offer%3Cbr+%2F%3E%0D%0A%09%09Article+5+-+The+agreement%3Cbr+%2F%3E%0D%0A%09%09Article+6+-+Right+of+withdrawal%3Cbr+%2F%3E%0D%0A%09%09Article+7+-+Consumer%E2%80%99s+obligations+during+the+reflection+period%3Cbr+%2F%3E%0D%0A%09%09Article+8+-+Exercising+the+Consumer%E2%80%99s+right+of+withdrawal+and+the+costs%3Cbr+%2F%3E%0D%0A%09%09Article+9+-+Entrepreneur%E2%80%99s+obligation+in+case+of+withdrawal%3Cbr+%2F%3E%0D%0A%09%09Article+10+-+The+price%3Cbr+%2F%3E%0D%0A%09%09Article+11+-+Performance+of+an+agreement+and+extra+guaranty%3Cbr+%2F%3E%0D%0A%09%09Article+12+-+Delivery+and+execution%3Cbr+%2F%3E%0D%0A%09%09Article+13+-+Payment%3Cbr+%2F%3E%0D%0A%09%09Article+14+-+Complaints+procedure%3Cbr
+%2F%3E%0D%0A%09%09Article+15+-+Disputes%3Cbr+%2F%3E%0D%0A%09%09Article+16+-+Amendment+to+the+General+Terms+and+Conditions+%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+1+%E2%80%93+Definitions%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%09In+these+Terms+and+Conditions%2C+the+following+terms+shall+have+the+following%3Cbr+%2F%3E%0D%0A%09%09meanings%3A%3Cbr+%2F%3E%0D%0A%09%091.+Additional+agreement%3A+an+agreement+in+which+the+Consumer+acquires%3Cbr+%2F%3E%0D%0A%09%09products+with+respect+to+an+agreement+and+these+goods%2C+are+delivered+%3Cbr+%2F%3E%0D%0A%09%09by+the+Entrepreneur+or+a+third+party+on+the+basis+of+an+arrangement+between+this%3Cbr+%2F%3E%0D%0A%09%09third+party+and+the+Entrepreneur%3B%3Cbr+%2F%3E%0D%0A%09%092.+Reflection+period%3A+the+period+during+which+the+Consumer+may+use+his%3Cbr+%2F%3E%0D%0A%09%09right+of+withdrawal%3B%3Cbr+%2F%3E%0D%0A%09%093.+Consumer%3A+the+natural+person+who+does+not+act+for+purposes+related+to%3Cbr+%2F%3E%0D%0A%09%09his%2Fher+commercial%2C+trade%2C+craft+or+professional+activities+or+the+%28natural%29+person+who+acts+%3Cbr+%2F%3E%0D%0A%09%09for+purposes+related+to+his%2Fher+commercial%2C+trade%2C+craft+or+professional+activities%3B%3Cbr+%2F%3E%0D%0A%09%094.+Day%3A+calendar+day%3B%3Cbr+%2F%3E%0D%0A%09%095.+Continuing+performance+contract%3A+a+contract+serving+to+deliver+goods+in+a+given+period%3B%3Cbr+%2F%3E%0D%0A%09%096.+Sustainable+data+carrier%3A+any+means%2C+including+email%2C+that+allow+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+or+the+Entrepreneur+to+store+information+directed+to+him%2Fher%3Cbr+%2F%3E%0D%0A%09%09personally+in+such+a+manner+that+makes+future+consultation+and+use+possible%3Cbr+%2F%3E%0D%0A%09%09during+a+period+that+matches+the+purpose+for+which+the+information+is%3Cbr+%2F%3E%0D%0A%09%09destined+and+which+makes+unaltered+reproduction+of+the+stored+information%3Cbr+%2F%3E%0D%0A%09%09possible.%3Cbr+%2F%3E%0D%0A%09%097.+Right+of+withdrawal%3A+the+Consumer%E2%80%99s+option+not+to+proceed+with+the+agreement+w
ithin+%3Cbr+%2F%3E%0D%0A%09%09the+cooling-off+period%3B%3Cbr+%2F%3E%0D%0A%09%098.+Entrepreneur%3A+The+VAT+Consultancy+Firm+B.V.%3B%3Cbr+%2F%3E%0D%0A%09%099.+Contract%3A+a+contract+concluded+by+the+Entrepreneur+and+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+within+the+scope+of+an+organised+system+for+selling+products%2C+whereby+%3Cbr+%2F%3E%0D%0A%09%09exclusive+or+additional+use+is+made+of+one+or+more+technologies+of+distance+communication+%3Cbr+%2F%3E%0D%0A%09%09up+to+the+conclusion+of+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%0910.+Technology+for+distance+communication%3A+a+means+to+be+used+for%3Cbr+%2F%3E%0D%0A%09%09concluding+an+agreement+without+the+Consumer+and+the+Entrepreneur+being%3Cbr+%2F%3E%0D%0A%09%09together+in+the+same+place+at+the+same+time.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+2+%E2%80%93+The+Entrepreneur%E2%80%99s+identity%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%09Name+of+Entrepreneur%3A+The+VAT+Consultancy+Firm+B.V.%3Cbr+%2F%3E%0D%0A%09%09Business+address%3A+Hoofdgracht+61%2C+1411+LB+Naarden%3Cbr+%2F%3E%0D%0A%09%09Telephone+number%3A+%2B31+%280%29+35+694+01+26+%3Cbr+%2F%3E%0D%0A%09%09Email+address%3A+info%40europeanvathandbook.com%3Cbr+%2F%3E%0D%0A%09%09Chamber+of+Commerce+number%3A+69153124%3Cbr+%2F%3E%0D%0A%09%09VAT+identification+number+NL857756060B01%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+3+%E2%80%93+Applicability%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+These+General+Terms+and+Conditions+apply+to+any+offer+from+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09and+to+any+contract+concluded+by+the+Entrepreneur+and+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%092.+Before+concluding+a+contract%2C+the+Entrepreneur+shall+make+the+text+of%3Cbr+%2F%3E%0D%0A%09%09these+General+Terms+and+Conditions+available+free+of+charge+and+as+soon+as%3Cbr+%2F%3E%0D%0A%09%09possible.+If+this+is+reasonably+impossible%2C+the+Entrepreneur+shall+indicate+in%3Cbr+%2F%3E%0D%0A%09%09what+way+the+General+Terms+and+conditions+can+be+inspected+and+that+th
ey%3Cbr+%2F%3E%0D%0A%09%09will+be+sent+free+of+charge+if+so+requested%2C+before+the+contract+is+concluded.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+contract+is+concluded+electronically%2C+the+text+of+these+General%3Cbr+%2F%3E%0D%0A%09%09Terms+and+Conditions%2C+in+deviation+from+the+previous+section+and+before+the%3Cbr+%2F%3E%0D%0A%09%09contract+is+concluded%2C+may+also+be+supplied+to+the+Consumer%3Cbr+%2F%3E%0D%0A%09%09electronically+in+such+a+way+that+the+Consumer+can+easily+store+it+on+a+longterm%3Cbr+%2F%3E%0D%0A%09%09data+carrier.+If+this+is+reasonably+impossible%2C+it+will+be+specified+where%3Cbr+%2F%3E%0D%0A%09%09the+General+Terms+and+Conditions+can+be+viewed+electronically+and+that+they%3Cbr+%2F%3E%0D%0A%09%09will+be+sent+to+at+the+Consumer%C2%B4s+request+free+of+charge%2C+either+via%3Cbr+%2F%3E%0D%0A%09%09electronic+means+or+otherwise%2C+before+concluding+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%094.+In+the+event+that+specific+product+or+service+condition+apply+in+addition+to%3Cbr+%2F%3E%0D%0A%09%09these+General+Terms+and+Conditions%2C+the+second+and+third+paragraphs+shall%3Cbr+%2F%3E%0D%0A%09%09apply+accordingly%2C+and+in+the+event+of+contradictory+terms+and+conditions%2C+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+may+always+appeal+to+the+applicable+provision+that+is+most%3Cbr+%2F%3E%0D%0A%09%09favourable+to+him%2Fher.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+4+%E2%80%93+The+offer%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+an+offer+is+of+limited+duration+or+if+certain+conditions+apply%2C+it+shall+be%3Cbr+%2F%3E%0D%0A%09%09explicitly+stated+in+the+offer.%3Cbr+%2F%3E%0D%0A%09%092.+The+offer+contains+a+full+and+accurate+description+of+the+products+offered.+%3Cbr+%2F%3E%0D%0A%09%09The+description+is+suitably+detailed+to+enable+the+Consumer+to+assess+the+%3Cbr+%2F%3E%0D%0A%09%09products+adequately.+If+the+Entrepreneur+makes+use+of+pictures%2C+they+are+truthful+%3Cbr+%2F%3E%0D%0A%09%09images+of+the+products+and%2For+services+provided.+%3Cbr+%2F%3E%0D%0A%0
9%09Obvious+errors+or+mistakes+in+the+offer+do+not+bind+the+Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%093.+All+offers+contain+such+information+that+it+is+clear+to+the+Consumer+what+rights%3Cbr+%2F%3E%0D%0A%09%09and+obligations+are+attached+to+accepting+the+offer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+5+%E2%80%93+The+contract%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Subject+to+the+provisions+in+paragraph+4%2C+the+contract+becomes+valid+when+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+has+accepted+the+offer+and+fulfilled+the+terms+and+conditions+set.%3Cbr+%2F%3E%0D%0A%09%092.+If+the+Consumer+accepted+the+offer+via+electronic+means%2C+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09shall+confirm+receipt+of+having+accepted+the+offer+via+electronic+means+within+%3Cbr+%2F%3E%0D%0A%09%09reasonable+time.+As+long+as+the+receipt+of+said+acceptance+has+not+been+%3Cbr+%2F%3E%0D%0A%09%09confirmed%2C+the+Consumer+may+repudiate+the+contract.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+contract+is+concluded+electronically%2C+the+Entrepreneur+will+take%3Cbr+%2F%3E%0D%0A%09%09appropriate+technical+and+organisational+security+measures+for+the+electronic%3Cbr+%2F%3E%0D%0A%09%09data+transfer+and+ensure+a+safe+web+environment.+If+the+Consumer+can+pay%3Cbr+%2F%3E%0D%0A%09%09electronically%2C+the+Entrepreneur+shall+observe+appropriate+security+measures.%3Cbr+%2F%3E%0D%0A%09%094.+The+Entrepreneur+may%2C+within+the+limits+of+the+law%2C+gather+information+about%3Cbr+%2F%3E%0D%0A%09%09Consumer%E2%80%99s+ability+to+fulfil+his+payment+obligations%2C+and+all+facts+and+factors%3Cbr+%2F%3E%0D%0A%09%09relevant+to+responsibly+concluding+the+contract.+If%2C+acting+on+the%3Cbr+%2F%3E%0D%0A%09%09results+of+this+investigation%2C+the+Entrepreneur+has+sound+reasons+for+not%3Cbr+%2F%3E%0D%0A%09%09concluding+the+contract%2C+he+is+lawfully+entitled+to+refuse+an+order+or+request%3Cbr+%2F%3E%0D%0A%09%09supported+by+reasons%2C+or+to+attach+special+terms+to+the+implementation.%3Cbr+%2F%3E%0D%0A%09%095.+Before+deliveri
ng+the+product%2C+the+Entrepreneur+shall+send+the+following%3Cbr+%2F%3E%0D%0A%09%09information+along+with+the+product+in+writing%3A%3Cbr+%2F%3E%0D%0A%09%09a.+the+conditions+on+which+and+the+manner+in+which+the+Consumer+may%3Cbr+%2F%3E%0D%0A%09%09exercise+the+right+of+withdrawal%2C+or%2C+as+the+case+may+be%2C+clear+information%3Cbr+%2F%3E%0D%0A%09%09about+his+being+exempted+from+the+right+of+withdrawal%3B%3Cbr+%2F%3E%0D%0A%09%09b.+The+price+excluding+all+taxes+of+the+product%2C+where+applicable+the+delivery+%3Cbr+%2F%3E%0D%0A%09%09costs+and+the+way+of+payment%2C+delivery+or+implementation+of+the+contract%3B%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+6+%E2%80%93+Right+of+withdrawal%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Consumer+can+repudiate+a+purchase+contract+for+a+product+without+giving%3Cbr+%2F%3E%0D%0A%09%09reasons+for+a+period+of+reflection+of+at+least+7+days.+The+Entrepreneur+may%3Cbr+%2F%3E%0D%0A%09%09ask+the+Consumer+about+the+reason+for+the+withdrawal+but+cannot+force%3Cbr+%2F%3E%0D%0A%09%09him+to+state+his+reason%28s%29.%3Cbr+%2F%3E%0D%0A%09%092.+The+reflection+period+referred+to+in+sub-clause+1+starts+on+the+day+the+product%3Cbr+%2F%3E%0D%0A%09%09is+received+by+the+Consumer+or+by+a+third+party+appointed+by+him+in+advance%3Cbr+%2F%3E%0D%0A%09%09and+who+is+not+the+carrier%2C+or%3Cbr+%2F%3E%0D%0A%09%09a.+if+the+Consumer+ordered+several+products+in+the+same+order%3A+the+day+on%3Cbr+%2F%3E%0D%0A%09%09which+the+Consumer+or+a+third+party+appointed+by+him+received+the%3Cbr+%2F%3E%0D%0A%09%09last+product.+The+Entrepreneur+may+refuse+an+order+of+several+products+with+%3Cbr+%2F%3E%0D%0A%09%09different+delivery+dates+provided+that+he+clearly+informs+the+Consumer+prior+to+%3Cbr+%2F%3E%0D%0A%09%09the+order+process.%3Cbr+%2F%3E%0D%0A%09%09b.+in+case+of+an+agreement+about+regular+delivery+of+products+during+a%3Cbr+%2F%3E%0D%0A%09%09given+period%3A+the+day+on+which+the+Consumer+or+a+third+party+appointed%3Cbr+%2F%3E%0D%0A%09%09by+him+received
+the+first+product.%3Cbr+%2F%3E%0D%0A%09%093.+If+the+Entrepreneur+provided+the+Consumer+with+the+information+referred%3Cbr+%2F%3E%0D%0A%09%09to+in+the+previous+article+within+twelve+months+after+the+starting+day+of+the%3Cbr+%2F%3E%0D%0A%09%09original+period+of+reflection%2C+the+period+of+reflection+expires+7+day+after+the%3Cbr+%2F%3E%0D%0A%09%09day+on+which+the+Consumer+received+the+information.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+7+%E2%80%93+Consumer%E2%80%99s+obligations+during+the+time+of+reflection%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+During+this+period%2C+the+Consumer+shall+handle+the+product+and+the+packaging%3Cbr+%2F%3E%0D%0A%09%09with+care.+The+Consumer+shall+only+unpack+or+use+the+product+to+the+extent%3Cbr+%2F%3E%0D%0A%09%09necessary+for+establishing+the+nature%2C+the+characteristics+and+the+effect+of+the%3Cbr+%2F%3E%0D%0A%09%09product.+The+guiding+principle+is+that+the+Consumer+may+only+handle+and%3Cbr+%2F%3E%0D%0A%09%09inspect+the+product+in+the+manner+in+which+one+is+allowed+to+handle+a+product%3Cbr+%2F%3E%0D%0A%09%09in+a+shop.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+is+only+liable+for+the+decrease+in+value+of+the+product+that+is%3Cbr+%2F%3E%0D%0A%09%09caused+by+the+way+of+handling+the+product+which+went+further+than%3Cbr+%2F%3E%0D%0A%09%09allowed+in+sub-section+1.%3Cbr+%2F%3E%0D%0A%09%093.+The+Consumer+is+not+liable+for+the+decrease+in+value+of+the+product+if+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+has+not+provided+him+with+all+legal+information+about+the+right+of%3Cbr+%2F%3E%0D%0A%09%09withdrawal+before+concluding+the+Agreement.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+8+%E2%80%93+Exercising+the+Consumer%E2%80%99s+right+of+withdrawal+and+the+costs%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+the+Consumer+exercises+his+right+of+withdrawal+he+shall+notify+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+unambiguously+within+the+period+of+reflection.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+shall+return+the
+product+or+deliver+it+to+%28the+authorized%3Cbr+%2F%3E%0D%0A%09%09representative+of%29+the+Entrepreneur+as+soon+as+possible+but+within+14+days%3Cbr+%2F%3E%0D%0A%09%09counting+from+the+day+following+the+notification+referred+to+in+sub-clause+1.%3Cbr+%2F%3E%0D%0A%09%09The+Consumer+observed+the+period+of+returning+the+product+in+any+event+if+the%3Cbr+%2F%3E%0D%0A%09%09product+is+returned+before+the+expiration+of+the+period+of+reflection.%3Cbr+%2F%3E%0D%0A%09%093.+The+Consumer+shall+return+the+product+and+if+reasonably+possible+in+the+%3Cbr+%2F%3E%0D%0A%09%09original+state+and+packing+and+in+conformity+with+reasonable+and+clear+instructions+%3Cbr+%2F%3E%0D%0A%09%09given+by+the+Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%094.+The+risk+and+the+burden+of+proof+for+the+correct+and+timely+exercise+of+the%3Cbr+%2F%3E%0D%0A%09%09right+of+withdrawal+fall+on+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%095.+The+Consumer+shall+bear+the+direct+costs+of+returning+the+product.+%3Cbr+%2F%3E%0D%0A%09%096.+If+the+Consumer+exercises+his+right+of+withdrawal%2C+all+additional+agreements%3Cbr+%2F%3E%0D%0A%09%09end+by+operation+of+law.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+9+%E2%80%93+Entrepreneur%E2%80%99s+obligations+in+case+of+withdrawal%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+If+the+Entrepreneur+makes+the+notification+of+withdrawal+by+electronic+means%3Cbr+%2F%3E%0D%0A%09%09possible%2C+he+shall+send+a+return+receipt+within+seven+%287%29+days.%3Cbr+%2F%3E%0D%0A%09%092.+The+Entrepreneur+shall+reimburse+all+payments+made+by+the+Consumer%2C%3Cbr+%2F%3E%0D%0A%09%09excluding+any+delivery+costs+that+the+Consumer+may+charge+for+the+returned%3Cbr+%2F%3E%0D%0A%09%09product%2C+as+soon+as+possible+but+within+14+days+following+the+day+on+which%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+notified+him+of+the+withdrawal.+Unless+the+Entrepreneur+offers%3Cbr+%2F%3E%0D%0A%09%09to+collect+the+product+himself%2C+he+can+wait+with+paying+back+until+having%3Cbr+%2F%3E%0D%0A%09%09received+the+product+or+unt
il+the+Consumer+proved+that+he+returned+the%3Cbr+%2F%3E%0D%0A%09%09product%2C+whichever+occurs+first.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+10+-+The+price%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+prices+of+the+products+and%2For+services+provided+shall+not+be+raised+during%3Cbr+%2F%3E%0D%0A%09%09the+validity+period+given+in+the+offer.%3Cbr+%2F%3E%0D%0A%09%092.+Price+increases+within+3+months+after+concluding+the+contract+are+permitted%3Cbr+%2F%3E%0D%0A%09%09only+if+they+are+the+result+of+new+legislation.%3Cbr+%2F%3E%0D%0A%09%093.+Price+increases+from+3+months+after+concluding+the+contract+are+permitted%3Cbr+%2F%3E%0D%0A%09%09only+if+the+Entrepreneur+has+stipulated+it+and%3Cbr+%2F%3E%0D%0A%09%09a.+they+are+the+result+of+legal+regulations+or+stipulations%2C+or%3Cbr+%2F%3E%0D%0A%09%09b.+the+Consumer+has+the+authority+to+cancel+the+contract+before+the+day+on%3Cbr+%2F%3E%0D%0A%09%09which+the+price+increase+starts.%3Cbr+%2F%3E%0D%0A%09%094.+All+prices+indicated+in+the+provision+of+products+or+services+are+excluding+VAT.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+11+%E2%80%93+Performance+of+an+agreement+and+extra+Guarantee%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+guarantees+that+the+products+comply+with%3Cbr+%2F%3E%0D%0A%09%09the+contract%2C+with+the+specifications+listed+in+the+offer%2C+with+reasonable%3Cbr+%2F%3E%0D%0A%09%09requirements+of+usability+and%2For+reliability+and+with+the+existing+statutory%3Cbr+%2F%3E%0D%0A%09%09provisions+and%2For+government+regulations+on+the+day+the+contract+was%3Cbr+%2F%3E%0D%0A%09%09concluded.+%3Cbr+%2F%3E%0D%0A%09%092.+An+extra+guarantee+offered+by+the+Entrepreneur%2C+his+Supplier%2C+Manufacturer+or%3Cbr+%2F%3E%0D%0A%09%09Importer+shall+never+affect+the+rights+and+claims+the+Consumer+may+exercise%3Cbr+%2F%3E%0D%0A%09%09against+the+Entrepreneur+about+a+failure+in+the+fulfilment+of+the+Entrepreneur%E2%80%99s%3Cbr+%2F%3E%0D%0A%09%09obligations+if+the+Entrepreneur+has+
failed+in+the+fulfilment+of+his+part+of+the%3Cbr+%2F%3E%0D%0A%09%09agreement.%3Cbr+%2F%3E%0D%0A%09%093.+%E2%80%98Extra+guarantee%E2%80%99+is+taken+to+mean+each+obligation+by+the+Entrepreneur%2C+his%3Cbr+%2F%3E%0D%0A%09%09Supplier%2C+Importer+or+Manufacturer+in+whom+he+assigns+certain+rights+or%3Cbr+%2F%3E%0D%0A%09%09claims+to+the+Consumer+that+go+further+than+he+is+legally+required+in+case+he%3Cbr+%2F%3E%0D%0A%09%09fails+in+the+compliance+with+his+part+of+the+agreement.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+12+%E2%80%93+Delivery+and+execution%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+shall+exercise+the+best+possible+care+when+booking+orders%3Cbr+%2F%3E%0D%0A%09%09and+executing+product+orders.+%3Cbr+%2F%3E%0D%0A%09%092.+The+place+of+delivery+is+at+the+address+given+by+the+Consumer+to+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur.%3Cbr+%2F%3E%0D%0A%09%093.+With+due+observance+of+the+stipulations+in+Article+4+of+these+General+Terms%3Cbr+%2F%3E%0D%0A%09%09and+Conditions%2C+the+Entrepreneur+shall+execute+accepted+orders+with%3Cbr+%2F%3E%0D%0A%09%09convenient+speed+but+at+least+within+30+days%2C+unless+another+delivery+period%3Cbr+%2F%3E%0D%0A%09%09was+agreed+on.+If+the+delivery+has+been+delayed%2C+or+if+an+order+cannot+be%3Cbr+%2F%3E%0D%0A%09%09filled+or+can+be+filled+only+partially%2C+the+Consumer+shall+be+informed+about+this%3Cbr+%2F%3E%0D%0A%09%09within+one+month+after+ordering.+%3Cbr+%2F%3E%0D%0A%09%094.+The+risk+of+loss+and%2For+damage+to+products+will+be+borne+by+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09until+the+time+of+delivery+to+the+Consumer+or+a+representative+appointed+in%3Cbr+%2F%3E%0D%0A%09%09advance+and+made+known+to+the+Consumer%2C+unless+explicitly+agreed%3Cbr+%2F%3E%0D%0A%09%09otherwise.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+13+%E2%80%93+Payment%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Unless+otherwise+stipulated+in+the+agreement+or+in+the+additional+conditions%2C%3Cbr+%2F%3E%0D%0A%09%09
the+amounts+to+be+paid+by+the+Consumer+must+be+settled+within+7+days+after%3Cbr+%2F%3E%0D%0A%09%09the+period+of+reflection%2C+or+if+there+is+no+period+of+reflection+within+7+days%3Cbr+%2F%3E%0D%0A%09%09after+concluding+the+agreement.+In+case+of+an+agreement+to+provide+a+service%2C%3Cbr+%2F%3E%0D%0A%09%09this+period+starts+on+the+day+that+the+Consumer+received+the+confirmation+of%3Cbr+%2F%3E%0D%0A%09%09the+agreement.%3Cbr+%2F%3E%0D%0A%09%092.+The+Consumer+has+the+duty+to+inform+the+Entrepreneur+promptly+of+possible%3Cbr+%2F%3E%0D%0A%09%09inaccuracies+in+the+payment+details+that+were+given+or+specified.%3Cbr+%2F%3E%0D%0A%09%093.+In+case+the+Consumer+has+not+complied+with+his+payment+obligation%28s%29+in%3Cbr+%2F%3E%0D%0A%09%09time%2C+and+the+Entrepreneur+has+pointed+out+to+him+that+the+payment+was+late%3Cbr+%2F%3E%0D%0A%09%09and+allowed+the+Consumer+a+period+of+14+days+to+comply+with+the+payment%3Cbr+%2F%3E%0D%0A%09%09obligations%2C+the+Consumer+is+to+pay+the+statutory+interest+on+the+amount%3Cbr+%2F%3E%0D%0A%09%09payable+and+the+Entrepreneur+is+entitled+to+charge+the+Consumer+with+any%3Cbr+%2F%3E%0D%0A%09%09extrajudicial+collection+costs.+These+extrajudicial+collection+costs+amount+to+no%3Cbr+%2F%3E%0D%0A%09%09more+than+15%25+for+outstanding+amounts+up+to+%E2%82%AC+2%2C500%2C+10%25+for+the+following%3Cbr+%2F%3E%0D%0A%09%09%E2%82%AC+2%2C500+and+5%25+for+the+following+%E2%82%AC+5000%2C+with+a+minimum+of+%E2%82%AC+40.+The%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+may+deviate+from+the+aforementioned+amounts+and+percentages%3Cbr+%2F%3E%0D%0A%09%09in+favour+of+the+Consumer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+14+%E2%80%93+Complaints+procedure%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+The+Entrepreneur+shall+have+a+sufficiently+notified+complaints+procedure+in%3Cbr+%2F%3E%0D%0A%09%09place%2C+and+shall+handle+the+complaint+in+accordance+with+this+complaint%3Cbr+%2F%3E%0D%0A%09%09procedure.%3Cbr+%2F%3E%0D%0A%09%092.+Complaints+about+the+performance+of+t
he+contract+shall+be+submitted+fully+and%3Cbr+%2F%3E%0D%0A%09%09clearly+described+to+the+Entrepreneur+within+a+reasonable+time+after+the%3Cbr+%2F%3E%0D%0A%09%09Consumer+discovered+the+defects%3Cbr+%2F%3E%0D%0A%09%093.+The+complaints+submitted+to+the+Entrepreneur+shall+be+replied+within+a+period%3Cbr+%2F%3E%0D%0A%09%09of+30+days+after+the+date+of+receipt.+Should+a+complaint+require+a+foreseeable%3Cbr+%2F%3E%0D%0A%09%09longer+time+for+handling%2C+the+Entrepreneur+shall+respond+within+30+days+with+a%3Cbr+%2F%3E%0D%0A%09%09notice+of+receipt+and+an+indication+when+the+Consumer+can+expect+a+more%3Cbr+%2F%3E%0D%0A%09%09detailed+reply.%3Cbr+%2F%3E%0D%0A%09%094.+If+the+complaint+cannot+be+solved+in+joint+consultation+within+a+reasonable%3Cbr+%2F%3E%0D%0A%09%09time+or+within+3+months+after+submitting+the+complaint%2C+there+will+be+a+dispute%3Cbr+%2F%3E%0D%0A%09%09that+is+open+to+the+dispute+settlement+rules.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+15+-+Disputes%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Contracts+between+the+Entrepreneur+and+the+Consumer+to+which+these%3Cbr+%2F%3E%0D%0A%09%09General+Terms+and+Conditions+apply%2C+are+exclusively+governed+by+Dutch+law.%3Cbr+%2F%3E%0D%0A%09%092.+With+due+observance+of+the+provisions+set+out+below%2C+the+disputes+between%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+and+the+Entrepreneur+about+the+formation+or+the+performance%3Cbr+%2F%3E%0D%0A%09%09of+contracts+related+to+products+or+services+that+the+Entrepreneur+must+deliver%3Cbr+%2F%3E%0D%0A%09%09or+has+already+delivered+can+be+submitted+by+both+the+Consumer+and+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+to+Geschillencommissie+Webshop%2C+Postbus+90600%2C+2509+LP%2C%3Cbr+%2F%3E%0D%0A%09%09The+Hague+%28Den+Haag%29+%28www.sgc.nl%29.%3Cbr+%2F%3E%0D%0A%09%093.+A+dispute+is+handled+by+the+Disputes+Committee+%5BGeschillencommissie%5D+only+if%3Cbr+%2F%3E%0D%0A%09%09the+Consumer+submitted+his%2Fher+complaint+to+the+Entrepreneur+within+a%3Cbr+%2F%3E%0D%0A%09%09reasonable+peri
od.%3Cbr+%2F%3E%0D%0A%09%094.+The+dispute+must+have+been+submitted+in+writing+to+the+Geschillencommissie%3Cbr+%2F%3E%0D%0A%09%09Webshop+within+three+months+after+arising+of+the+dispute.%3Cbr+%2F%3E%0D%0A%09%095.+If+the+Consumer+wishes+to+submit+a+dispute+to+the+Geschillencommissie%2C+the%3Cbr+%2F%3E%0D%0A%09%09Entrepreneur+is+bound+by+this+choice.+When+the+Entrepreneur+wishes+to+file%3Cbr+%2F%3E%0D%0A%09%09the+dispute+to+the+Geschillencommissie%2C+the+Consumer+must+speak+out+in%3Cbr+%2F%3E%0D%0A%09%09writing+within+five+weeks+after+a+written+request+made+by+the+Entrepreneur%3Cbr+%2F%3E%0D%0A%09%09whether+he+so+desires+or+wants+the+dispute+to+be+dealt+with+by+the+competent%3Cbr+%2F%3E%0D%0A%09%09court.+If+the+Entrepreneur+has+not+heard+of+the+Consumer%E2%80%99s+option+within+the%3Cbr+%2F%3E%0D%0A%09%09period+of+five+weeks%2C+the+Entrepreneur+is+entitled+to+submit+the+dispute+to+the%3Cbr+%2F%3E%0D%0A%09%09competent+court.%3Cbr+%2F%3E%0D%0A%09%096.+The+Geschillencommissie%E2%80%99s+decision+will+be+made+under+the+conditions+as+set%3Cbr+%2F%3E%0D%0A%09%09out+in+the+rules+of+the+Arbitration+Commission%3Cbr+%2F%3E%0D%0A%09%09%28http%3A%2F%2Fwww.degeschillencommissie.nl%2Fover-onss%2Fdecommissies%2F2701%2Fwebshop%29.%3Cbr+%2F%3E%0D%0A%09%09A+decision+made+by+the+Geschillencommissie+is+a+binding+advice.%3Cbr+%2F%3E%0D%0A%09%097.+The+Disputes+Committee+will+not+handle+a+dispute+or+will+discontinue+handling%3Cbr+%2F%3E%0D%0A%09%09it+if+the+Entrepreneur+is+granted+a+moratorium%2C+goes+bankrupt+or+actually%3Cbr+%2F%3E%0D%0A%09%09ended+his+business+activities+before+the+Commission+has+handled+a+dispute+at%3Cbr+%2F%3E%0D%0A%09%09the+hearing+and+delivered+a+final+award.%3Cbr+%2F%3E%0D%0A%09%098.+If+in+addition+to+the+Geschillencommissie+Webshop+another+disputes%3Cbr+%2F%3E%0D%0A%09%09committee+recognised+by+or+affiliated+with+the+Stichting+Geschillencommissies%3Cbr+%2F%3E%0D%0A%09%09voor+Consumentenzaken+%28SGC%29+%5BFoundation+for+Consumer+Complaints%3Cbr+%2F%3E%0D%0A%09%09Commit
tees%5D+or+the+Klachteninstituut+Financi%C3%ABle+Dienstverlening+%28Kifid%29%3Cbr+%2F%3E%0D%0A%09%09%5BFinancial+Services+Complaints+Board%5D+is+competent%2C+the+disputes+that+are%3Cbr+%2F%3E%0D%0A%09%09mainly+related+to+sales+methods+or+distance+services%2C+the%3Cbr+%2F%3E%0D%0A%09%09Geschillencommissie+Webshop+Keurmerk+is+preferably+competent%2C+and+for+all%3Cbr+%2F%3E%0D%0A%09%09other+disputes%2C+the+disputes+committee+recognised+by+and+affiliated+with+the%3Cbr+%2F%3E%0D%0A%09%09SGC+or+Kifid+is+competent.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%09%09%3Cstrong%3EArticle+16+%E2%80%93+Amendments+to+the+General+Terms+and+Conditions+%3C%2Fstrong%3E%3Cbr+%2F%3E%0D%0A%09%091.+Amendments+to+these+Terms+and+Conditions+are+valid+only+after+being%3Cbr+%2F%3E%0D%0A%09%09published+in+the+appropriate+way%2C+provided+that+in+case+of+appropriate%3Cbr+%2F%3E%0D%0A%09%09amendments%2C+the+provision+that+is+most+favourable+for+the+Consumer+shall%3Cbr+%2F%3E%0D%0A%09%09prevail+during+the+validity+of+an+offer.%3Cbr+%2F%3E%0D%0A%09%09%3Cbr+%2F%3E%0D%0A%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"(?i:[ ()]case ?\\\\(|\\\\) ?like ?\\\\(|\\\\bhaving ?[^\\\\s]+ ?[^\\\\w ]|\\\\bif ?\\\\([\\\\d\\\\w] ?[=<>~])\" at MATCHED_VAR. 
[file \"/usr/local/cwaf/rules/22_SQL_SQLi.conf\"] [line \"33\"] [id \"211700\"] [rev \"8\"] [msg \"COMODO WAF: Detects conditional SQL injection attempts||cms.fedon.nl|F|2\"] [data \"Matched Data: case found within MATCHED_VAR:  <h1> Conditions and Terms</h1> CONTENTS<br /> Article 1 - Definitions<br /> Article 2 - The Entrepreneur\\xe2\\x80\\x99s identity<br /> Article 3 - Applicability<br /> Article 4 - The offer<br /> Article 5 - The agreement<br /> Article 6 - Right of withdrawal<br /> Article 7 - Consumer\\xe2\\x80\\x99s obligations during the reflection period<br /> Article 8 - Exercising the Consumer\\xe2\\x80\\x99s right of withdrawal and the costs<br /> Article 9 - Entrepreneur\\xe2\\x...\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"SQLi\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"(?i:[ ()]case ?\\\\(|\\\\) ?like ?\\\\(|\\\\bhaving ?[^\\\\s]+ ?[^\\\\w ]|\\\\bif ?\\\\([\\\\d\\\\w] ?[=<>~])\" at MATCHED_VAR."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":591,"p2":184968,"p3":0,"p4":0,"p5":13,"sr":154,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
212340
Code: [Select]
{"transaction":{"time":"08/Dec/2020:11:54:03 +0100","transaction_id":"X89bS55hERMEmWIIEbVxLgAAnAg","remote_address":"194.165.34.247","remote_port":52487,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test2.php HTTP/2.0","headers":{"Content-Length":"795","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.n ","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test2.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Cscript%3E%0D%0A%09%09%28function%28i%2Cs%2Co%2Cg%2Cr%2Ca%2Cm%29%7Bi%5B%27GoogleAnalyticsObject%27%5D%3Dr%3Bi%5Br%5D%3Di%5Br%5D%7C%7Cfunction%28%29%7B%0D%0A%09%09%28i%5Br%5D.q%3Di%5Br%5D.q%7C%7C%5B%5D%29.push%28arguments%29%7D%2Ci%5Br%5D.l%3D1*new+Date%28%29%3Ba%3Ds.createElement%28o%29%2C%0D%0A%09%09m%3Ds.getElementsByTagName%28o%29%5B0%5D%3Ba.async%3D1%3Ba.src%3Dg%3Bm.parentNode.insertBefore%28a%2Cm%29%0D%0A%09%09%7D%29%28window%2Cdocument%2C%27script%27%2C%27%2F%2Fwww.google-analytics.com%2Fanalytics.js%27%2C%27ga%27%29%3B%0D%0A%0D%0A%09%09ga%28%27create%27%2C+%27UA-53097816-1%27%2C+%27auto%27%29%3B%0D%0A%09%09ga%28%27set%27%2C+%27anonymizeIp%27%2C+true%29%3B%0D%0A%09%09ga%28%27send%27%2C+%27pageview%27%29%3B%0D%0A%0D%0A%09%09%3C%2Fscript%3E%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; 
charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Matched phrase \".parentnode\" at ARGS:fiets. [file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"56\"] [id \"212340\"] [rev \"4\"] [msg \"COMODO WAF: Cross-site Scripting (XSS) Attack||cms.fedon.nl|F|2\"] [data \"Matched Data: .parentnode found within ARGS:fiets:  <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-53097816-1', 'auto'); ga('set', 'anonymizeIp', true); ga('send', 'pageview'); </script> \"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Matched phrase \".parentnode\" at ARGS:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":691,"p2":1263,"p3":0,"p4":0,"p5":7,"sr":190,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
212740
Code: [Select]
{"transaction":{"time":"08/Dec/2020:11:57:20 +0100","transaction_id":"X89cEFx7dXpuEVi6OBbiXAAAKA4","remote_address":"194.165.34.247","remote_port":52551,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test3.php HTTP/2.0","headers":{"Content-Length":"2141","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.nl","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test3.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Ctitle%3E%25onderwerp%25%3C%2Ftitle%3E+%3Cmeta+content%3D%22text%2Fhtml%3B+charset%3Diso-8859-1%22+http-equiv%3D%22Content-Type%22+%2F%3E%0D%0A%09%09%09%3Ccenter%3E%0D%0A%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Fwww.mollenshop.com%2F%22%3E%3Cimg+alt%3D%22%22+border%3D%220%22+src%3D%22https%3A%2F%2Fmollenshop.com%2Fimages%2Flogo.png%22+%2F%3E%3C%2Fa%3E+%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09Tekst+hier%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%
0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09%25nieuwsbriefafmeldlink%25+%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cb%3ESchreuder+E-Commerce%3C%2Fb%3E%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Sterrenlaan+7%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%092743+LW+Waddinxveen+%28Zuid-Holland%29%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09The+Netherlands%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Telefoon%3A+%2B31+%280%29182-756629%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09E-mail%3A+info%40schreuder-e-commerce.com%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%0A%09%09%09%3C%2Fcenter%3E%0D%0A%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash\" at ARGS_POST:fiets. 
[file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"69\"] [id \"212740\"] [rev \"6\"] [msg \"COMODO WAF: XSS Attack Detected||cms.fedon.nl|F|2\"] [data \"Matched Data: text/html; found within ARGS_POST:fiets: <title>%onderwerp%</title><metacontent=\\x22text/html;charset=iso-8859-1\\x22http-equiv=\\x22content-type\\x22/><center><ahref=\\x22https://www.mollenshop.com/\\x22><imgalt=\\x22\\x22border=\\x220\\x22src=\\x22https://mollenshop.com/images/logo.png\\x22/></a><br/><br/><br/><tablealign=\\x22center\\x22cellpadding=\\x220\\x22cellspacing=\\x220\\x22width=\\x22600\\x22><tbody><tr><tdstyle=\\x22border:1pxsolid\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash\" at ARGS_POST:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":498,"p2":1574,"p3":0,"p4":0,"p5":12,"sr":138,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
Any thoughts?

FP will be fixed in the next rules release.

Offline Azurel

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #292 on: December 29, 2020, 11:11:25 AM »
This rule 218020
Code: [Select]
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\\\\\\\\.sql\\\\\\\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf"] [line "22"] [id "218020"] [rev "1"] [msg "COMODO WAF: Oracle SQL Information Leakage||www.example.com|F|2"] [data "Matched Data:
bans all visitors, because the page source code contains a URI containing "ora-2015", which matches the pattern ORA-[0-9][0-9][0-9][0-9] => <a href=".......-ushio-to-tora-2015">

System Plesk Obsidian 18.0.32 Update 2
« Last Edit: December 30, 2020, 03:53:47 AM by Azurel »
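The 218020 pattern quoted in the log above, run against a link like the one in the post and against a genuine Oracle error string, next to a constructed narrower alternative. This is an added example for this thread, not Comodo's rule or ModSecurity code; the sample link paths and the tighter pattern are assumptions.

```python
"""Why CWAF rule 218020 fires on the link quoted above, and a narrower check."""
import re

# The pattern exactly as quoted in the Apache-Error line above, with the
# log's backslash-escaping undone. It is case-insensitive and unanchored, so
# the four characters "ora-" plus four digits match anywhere in the response
# body, including inside a URL slug such as "...-to-tora-2015".
RULE_218020 = re.compile(
    r"(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|Oracle error|"
    r"Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)")

# Constructed narrower alternative (an assumption of this example, not Comodo's
# fix): genuine Oracle error codes are "ORA-" followed by exactly five digits
# and a colon, and the token must begin at a word boundary. The other
# alternatives are kept unchanged.
TIGHTER = re.compile(
    r"(?i)(?:\bORA-[0-9]{5}:|java\.sql\.SQLException|Oracle error|"
    r"Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)")


def leaked_fragment(body, pattern=TIGHTER):
    """Return the fragment of `body` that looks like an Oracle error leak, or None."""
    m = pattern.search(body)
    return m.group(0) if m else None


def compare(bodies):
    """Run both patterns over each body; returns {body: (rule_hit, tighter_hit)}."""
    return {b: (leaked_fragment(b, RULE_218020), leaked_fragment(b)) for b in bodies}


# Constructed samples. The first stands in for the link in the post (its real
# path is elided there); the second is a slug that starts with "ora-"; the
# third is what a real leaked Oracle error looks like.
PAGE_LINK = '<a href="/titles/ushio-to-tora-2015">Ushio to Tora</a>'
SLUG_LINK = '<a href="/blog/ora-2015-summary">summary</a>'
REAL_LEAK = 'Warning: ORA-01017: invalid username/password; logon denied'

if __name__ == "__main__":
    for body, (before, after) in compare([PAGE_LINK, SLUG_LINK, REAL_LEAK]).items():
        print(f"{body[:40]!r:45} rule 218020: {before!r:12} tighter: {after!r}")
```

The word boundary alone would still match a slug that starts with "ora-", which is why the five-digit-plus-colon requirement carries most of the narrowing.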

Offline NilsO

  • Newbie
  • *
  • Posts: 2
Re: False-Positive report thread
« Reply #293 on: January 06, 2021, 06:08:16 AM »
FP will be fixed in the next rules release.
Thank you. I did a temporary whitelist to test and ran into three more suspected FPs involving other rules:

212620
Code: [Select]
{"transaction":{"time":"06/Jan/2021:11:21:55 +0100","transaction_id":"X-WPQ3bGXlNFS8udIgUn5QABCRo","remote_address":"194.165.34.247","remote_port":54731,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test2.php HTTP/2.0","headers":{"Content-Length":"795","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.n ","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test2.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Cscript%3E%0D%0A%09%09%28function%28i%2Cs%2Co%2Cg%2Cr%2Ca%2Cm%29%7Bi%5B%27GoogleAnalyticsObject%27%5D%3Dr%3Bi%5Br%5D%3Di%5Br%5D%7C%7Cfunction%28%29%7B%0D%0A%09%09%28i%5Br%5D.q%3Di%5Br%5D.q%7C%7C%5B%5D%29.push%28arguments%29%7D%2Ci%5Br%5D.l%3D1*new+Date%28%29%3Ba%3Ds.createElement%28o%29%2C%0D%0A%09%09m%3Ds.getElementsByTagName%28o%29%5B0%5D%3Ba.async%3D1%3Ba.src%3Dg%3Bm.parentNode.insertBefore%28a%2Cm%29%0D%0A%09%09%7D%29%28window%2Cdocument%2C%27script%27%2C%27%2F%2Fwww.google-analytics.com%2Fanalytics.js%27%2C%27ga%27%29%3B%0D%0A%0D%0A%09%09ga%28%27create%27%2C+%27UA-53097816-1%27%2C+%27auto%27%29%3B%0D%0A%09%09ga%28%27set%27%2C+%27anonymizeIp%27%2C+true%29%3B%0D%0A%09%09ga%28%27send%27%2C+%27pageview%27%29%3B%0D%0A%0D%0A%09%09%3C%2Fscript%3E%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; 
charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"<script\\\\b\" at ARGS_POST:fiets. [file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"65\"] [id \"212620\"] [rev \"3\"] [msg \"COMODO WAF: Cross-site Scripting (XSS) Attack||cms.fedon.nl|F|2\"] [data \"Matched Data: <script found within ARGS_POST:fiets: <script>(function(i,s,o,g,r,a,m){i['googleanalyticsobject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*newdate();a=s.createelement(o),m=s.getelementsbytagname(o)[0];a.async=1;a.src=g;m.parentnode.insertbefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create','ua-53097816-1','auto');ga('set','anonymizeip',true);ga('send','pageview');</script>\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"<script\\\\b\" at ARGS_POST:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":670,"p2":1328,"p3":0,"p4":0,"p5":10,"sr":180,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}

212960
Code: [Select]
{"transaction":{"time":"06/Jan/2021:11:21:57 +0100","transaction_id":"X-WPRXbGXlNFS8udIgUn9AABOho","remote_address":"194.165.34.247","remote_port":54731,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test3.php HTTP/2.0","headers":{"Content-Length":"2141","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.nl","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test3.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Ctitle%3E%25onderwerp%25%3C%2Ftitle%3E+%3Cmeta+content%3D%22text%2Fhtml%3B+charset%3Diso-8859-1%22+http-equiv%3D%22Content-Type%22+%2F%3E%0D%0A%09%09%09%3Ccenter%3E%0D%0A%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Fwww.mollenshop.com%2F%22%3E%3Cimg+alt%3D%22%22+border%3D%220%22+src%3D%22https%3A%2F%2Fmollenshop.com%2Fimages%2Flogo.png%22+%2F%3E%3C%2Fa%3E+%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09Tekst+hier%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%
0A%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%3Ctable+align%3D%22center%22+cellpadding%3D%220%22+cellspacing%3D%220%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%3Ctbody%3E%0D%0A%09%09%09%09%09%09%3Ctr%3E%0D%0A%09%09%09%09%09%09%09%3Ctd+style%3D%22border%3A1px+solid+%23d9d9d9%3Bpadding%3A15px%3Bbackground-color%3A%23e9e9e9%3Bcolor%3A%23000000%3Bfont-size%3A12px%3Bfont-family%3A+Arial%3B%22+width%3D%22600%22%3E%0D%0A%09%09%09%09%09%09%09%09%25nieuwsbriefafmeldlink%25+%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cb%3ESchreuder+E-Commerce%3C%2Fb%3E%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Sterrenlaan+7%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%092743+LW+Waddinxveen+%28Zuid-Holland%29%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09The+Netherlands%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09Telefoon%3A+%2B31+%280%29182-756629%3Cbr+%2F%3E%0D%0A%09%09%09%09%09%09%09%09E-mail%3A+info%40schreuder-e-commerce.com%3C%2Ftd%3E%0D%0A%09%09%09%09%09%09%3C%2Ftr%3E%0D%0A%09%09%09%09%09%3C%2Ftbody%3E%0D%0A%09%09%09%09%3C%2Ftable%3E%0D%0A%09%09%09%3C%2Fcenter%3E%0D%0A%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"<meta.{0,}?http-equiv\\\\/{0,}?=\\\\/{0,}?[\\\\x22'`]{0,1}(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)\" at ARGS_POST:fiets. 
[file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"125\"] [id \"212960\"] [rev \"5\"] [msg \"COMODO WAF: IE XSS Filters - Attack Detected.||cms.fedon.nl|F|2\"] [data \"Matched Data: <metacontent=\\x22text/html;charset=iso-8859-1\\x22http-equiv=\\x22c found within ARGS_POST:fiets: <title>%onderwerp%</title><metacontent=\\x22text/html;charset=iso-8859-1\\x22http-equiv=\\x22content-type\\x22/><center><ahref=\\x22https://www.mollenshop.com/\\x22><imgalt=\\x22\\x22border=\\x220\\x22src=\\x22https://mollenshop.com/images/logo.png\\x22/></a><br/><br/><br/><tablealign=\\x22center\\x22cellpadding=\\x220\\x22cellspacing=\\x220\\x22width=\\x22600\\x22><tbody><tr><tdstyle=\\x22border:1pxsolid\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"<meta.{0,}?http-equiv\\\\/{0,}?=\\\\/{0,}?[\\\\x22'`]{0,1}(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)\" at ARGS_POST:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":513,"p2":1822,"p3":0,"p4":0,"p5":7,"sr":154,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}

212890
Code: [Select]
{"transaction":{"time":"06/Jan/2021:11:25:44 +0100","transaction_id":"X-WQKLvGfMzQs[at]tulL7yNQABvR0","remote_address":"194.165.34.247","remote_port":54794,"local_address":"10.34.1.109","local_port":443},"request":{"request_line":"POST /test2.php HTTP/2.0","headers":{"Content-Length":"795","Cache-Control":"max-age=0","Upgrade-Insecure-Requests":"1","Origin":"https://cms.fedon.n ","Content-Type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","Sec-Fetch-Site":"same-origin","Sec-Fetch-Mode":"navigate","Sec-Fetch-User":"?1","Sec-Fetch-Dest":"document","Referer":"https://cms.fedon.nl/test2.php","Accept-Encoding":"gzip, deflate, br","Accept-Language":"nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7","Cookie":"uitgelogd=0","Host":"cms.fedon.nl"},"body":["fiets=%09%0D%0A%09%09%3Cscript%3E%0D%0A%09%09%28function%28i%2Cs%2Co%2Cg%2Cr%2Ca%2Cm%29%7Bi%5B%27GoogleAnalyticsObject%27%5D%3Dr%3Bi%5Br%5D%3Di%5Br%5D%7C%7Cfunction%28%29%7B%0D%0A%09%09%28i%5Br%5D.q%3Di%5Br%5D.q%7C%7C%5B%5D%29.push%28arguments%29%7D%2Ci%5Br%5D.l%3D1*new+Date%28%29%3Ba%3Ds.createElement%28o%29%2C%0D%0A%09%09m%3Ds.getElementsByTagName%28o%29%5B0%5D%3Ba.async%3D1%3Ba.src%3Dg%3Bm.parentNode.insertBefore%28a%2Cm%29%0D%0A%09%09%7D%29%28window%2Cdocument%2C%27script%27%2C%27%2F%2Fwww.google-analytics.com%2Fanalytics.js%27%2C%27ga%27%29%3B%0D%0A%0D%0A%09%09ga%28%27create%27%2C+%27UA-53097816-1%27%2C+%27auto%27%29%3B%0D%0A%09%09ga%28%27set%27%2C+%27anonymizeIp%27%2C+true%29%3B%0D%0A%09%09ga%28%27send%27%2C+%27pageview%27%29%3B%0D%0A%0D%0A%09%09%3C%2Fscript%3E%0D%0A%09%0D%0A%09"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"199","Connection":"close","Content-Type":"text/html; 
charset=iso-8859-1"},"body":""},"audit_data":{"messages":["Access denied with code 403 (phase 2). Pattern match \"(?i:<script.{0,}?[\\\\s+\\\\/]{0,}?((src)|(xlink:href)|(href))[\\\\s+\\\\/\\\\t]{0,}=)\" at ARGS:fiets. [file \"/usr/local/cwaf/rules/07_XSS_XSS.conf\"] [line \"103\"] [id \"212890\"] [rev \"4\"] [msg \"COMODO WAF: IE XSS Filters - Attack Detected.||cms.fedon.nl|F|2\"] [data \"Matched Data: <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src= found within ARGS:fiets:  <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,d...\"] [severity \"CRITICAL\"] [tag \"CWAF\"] [tag \"XSS\"]"],"action":{"intercepted":true,"phase":2,"message":"Pattern match \"(?i:<script.{0,}?[\\\\s+\\\\/]{0,}?((src)|(xlink:href)|(href))[\\\\s+\\\\/\\\\t]{0,}=)\" at ARGS:fiets."},"handler":"application/x-httpd-lsphp","stopwatch":{"p1":716,"p2":1475,"p3":0,"p4":0,"p5":9,"sr":170,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","CWAF_Apache"],"server":"Apache/2","engine_mode":"ENABLED"}}
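A small triage script, added here as an example and not code from CWAF, ModSecurity or anyone in the thread: it reads audit-log entries in the JSON shape posted above and drafts, for each rule/argument pair, the narrowest exclusion ModSecurity 2.x offers, so a temporary whitelist like the one mentioned can stay per-argument and per-path instead of disabling the rule. The sample entries are constructed from the rule ids, messages and the `fiets` argument above (the third entry's request path is invented), and the 9000001 id range is a placeholder.

```python
"""Triage ModSecurity 2.x JSON audit-log entries and draft narrow rule exclusions."""
import re

ID_RE = re.compile(r'\[id "(\d+)"\]')
MSG_RE = re.compile(r'\[msg "([^"]*)"\]')
# The variable a rule fired on sits between " at " and the ". [file " after it.
TARGET_RE = re.compile(r' at (\S+?)\. \[file ')

# Variables that name one concrete request input and can be excluded surgically.
# MATCHED_VAR, TX:* and similar name a derived value, so those hits need a human.
SURGICAL_PREFIXES = ("ARGS:", "ARGS_GET:", "ARGS_POST:",
                     "REQUEST_COOKIES:", "REQUEST_HEADERS:")

# Constructed sample entries in the shape of the audit_data blocks posted in this
# thread, trimmed to the fields the triage needs. Rule ids, messages and the
# argument name are taken from the reports above; the path of the third entry
# is invented (its request line is not part of the excerpt).
SAMPLE_AUDIT_LOG = [
    {"transaction": {"transaction_id": "SAMPLE-1"},
     "request": {"request_line": "POST /test2.php HTTP/2.0"},
     "audit_data": {"messages": [
         'Access denied with code 403 (phase 2). Matched phrase ".parentnode" '
         'at ARGS:fiets. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] '
         '[line "56"] [id "212340"] [rev "4"] [msg "COMODO WAF: Cross-site '
         'Scripting (XSS) Attack||cms.fedon.nl|F|2"] [severity "CRITICAL"]']}},
    {"transaction": {"transaction_id": "SAMPLE-2"},
     "request": {"request_line": "POST /test3.php HTTP/2.0"},
     "audit_data": {"messages": [
         'Access denied with code 403 (phase 2). Pattern match '
         '"image\\\\/svg\\\\+xml|text\\\\/(?:css|html)" at ARGS_POST:fiets. '
         '[file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "69"] '
         '[id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected'
         '||cms.fedon.nl|F|2"] [severity "CRITICAL"]']}},
    {"transaction": {"transaction_id": "SAMPLE-3"},
     "request": {"request_line": "POST /terms.php HTTP/2.0"},
     "audit_data": {"messages": [
         'Access denied with code 403 (phase 2). Pattern match '
         '"(?i:[ ()]case ?\\\\()" at MATCHED_VAR. '
         '[file "/usr/local/cwaf/rules/22_SQL_SQLi.conf"] [line "33"] '
         '[id "211700"] [rev "8"] [msg "COMODO WAF: Detects conditional SQL '
         'injection attempts||cms.fedon.nl|F|2"] [severity "CRITICAL"]']}},
]


def parse_entry(entry):
    """Yield (rule_id, target_or_None, msg, request_path) for each hit in one entry."""
    parts = entry.get("request", {}).get("request_line", "").split()
    path = parts[1].split("?", 1)[0] if len(parts) >= 2 else None
    for text in entry.get("audit_data", {}).get("messages", []):
        rid = ID_RE.search(text)
        if not rid:
            continue
        tgt = TARGET_RE.search(text)
        msg = MSG_RE.search(text)
        yield (rid.group(1), tgt.group(1) if tgt else None,
               msg.group(1) if msg else "", path)


def draft_exclusions(entries, first_rule_id=9000001):
    """Group hits by rule id and draft exclusions for the surgical ones.

    Returns {rule_id: {"msg", "global": [...], "scoped": [...], "manual": [...]}}.
    first_rule_id is a placeholder start for the ids of the exclusion rules
    themselves; use a range that is free in your own configuration.
    """
    report, seen, next_id = {}, set(), first_rule_id
    for entry in entries:
        for rid, target, msg, path in parse_entry(entry):
            rec = report.setdefault(
                rid, {"msg": msg, "global": [], "scoped": [], "manual": []})
            if (rid, target, path) in seen:
                continue
            seen.add((rid, target, path))
            if not (target and target.startswith(SURGICAL_PREFIXES)):
                rec["manual"].append(target or "(no target in message)")
                continue
            # Narrowest global form: drop this one variable from this one rule.
            # It must come after the rule set is included so the rule exists.
            directive = f'SecRuleUpdateTargetById {rid} "!{target}"'
            if directive not in rec["global"]:
                rec["global"].append(directive)
            # Preferred: the same removal, but only for the path it was seen on.
            if path:
                rec["scoped"].append(
                    f'SecRule REQUEST_URI "@beginsWith {path}" '
                    f'"id:{next_id},phase:1,pass,nolog,'
                    f'ctl:ruleRemoveTargetById={rid};{target}"')
                next_id += 1
    return report


if __name__ == "__main__":
    for rid, rec in draft_exclusions(SAMPLE_AUDIT_LOG).items():
        print(f"# {rid}: {rec['msg'].split('||')[0]}")
        for line in rec["global"] + rec["scoped"]:
            print(line)
        for target in rec["manual"]:
            print(f"# {rid} fired on {target}: review the rule by hand")
```

Feed it the full records from the audit log (one JSON object per line) and the `manual` list is where hits like the 211700 one above land, since MATCHED_VAR does not say which input to exclude.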

Offline Azurel

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #294 on: January 14, 2021, 05:09:02 AM »
What kind of strange rule is 210730?

Page visitors are banned because they have entered URLs incorrectly or there are invalid links on the page? What use is that supposed to be?

url was like https://www.example.com/www.webcomicsapp.com

Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.example.com|F|2"] [data ".webcomicsapp.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"]
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xx.xx.xx.xxx] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.example.com|F|2"] [data ".webcomicsapp.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.example.com"] [uri "/www.webcomicsapp.com"] [unique_id "...."]
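
What the log line above is saying: the wording "Match of ... required" is how ModSecurity reports a negated operator, so rule 210730 fires whenever the extension it derives from the URI is NOT found in the userdata_wl_extensions list. The following is an added example (not CWAF's own rule code) that simulates that check so the behaviour can be reasoned about offline. Two things are assumptions: the allowlist contents (the real file ships its own entries), and the way the extension is derived, which is modelled as "the last path segment from its first dot" because that reproduces the logged [data ".webcomicsapp.com"] for the URI /www.webcomicsapp.com. The @pmFromFile semantics (case-insensitive substring match of any phrase) are ModSecurity's documented behaviour.

```python
"""Simulate CWAF rule 210730's extension allowlist check.

Added example, not CWAF or ModSecurity code. See the lead-in for assumptions.
"""
from urllib.parse import urlsplit

# Constructed allowlist standing in for userdata_wl_extensions (assumption:
# the real file has its own entries; these are only illustrative).
WL_EXTENSIONS = [".php", ".html", ".htm", ".css", ".js", ".png", ".jpg", ".txt"]


def uri_extension(uri: str) -> str:
    """Derive TX:extension from a URI.

    Assumption: the extension is the last path segment from its first '.'
    onwards, lowercased. This reproduces the logged [data ".webcomicsapp.com"]
    for /www.webcomicsapp.com. Returns '' when the segment has no dot.
    """
    path = urlsplit(uri).path
    last_segment = path.rsplit("/", 1)[-1]
    dot = last_segment.find(".")
    return last_segment[dot:].lower() if dot != -1 else ""


def pm_match(phrases, target: str) -> bool:
    """@pm / @pmFromFile semantics: case-insensitive substring match of any
    phrase anywhere in the target (not an exact or anchored comparison)."""
    needle = target.lower()
    return any(p.lower() in needle for p in phrases if p)


def rule_210730(uri: str, whitelist=WL_EXTENSIONS) -> dict:
    """Return {'ext': <TX:extension>, 'blocked': bool} for one request URI.

    The rule is negated ("match ... required"): it blocks when the extension
    is NOT matched by the allowlist. Assumption: a URI whose last segment has
    no dot yields an empty extension and the rule is not applied to it.
    """
    ext = uri_extension(uri)
    if not ext:
        return {"ext": ext, "blocked": False}
    return {"ext": ext, "blocked": not pm_match(whitelist, ext)}


if __name__ == "__main__":
    # Constructed URIs: the one from the report above, plus controls.
    for uri in ("https://www.example.com/www.webcomicsapp.com",
                "/index.php", "/", "/backup.tar.gz", "/archive.phpx"):
        print(uri, rule_210730(uri))
```

Running it shows the reported URI blocked because ".webcomicsapp.com" is not a substring match for any allowlisted extension, while "/archive.phpx" passes: because @pmFromFile is a substring match, ".phpx" is accepted by the ".php" entry. That looseness is worth keeping in mind when editing the userdata_wl_extensions file; adding a very short entry such as ".c" would also admit ".com", ".cgi" and anything else containing it.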

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: False-Positive report thread
« Reply #295 on: January 22, 2021, 06:45:13 AM »
Reported vulnerabilities will be fixed in the next rules release.

Offline azizarnold

  • Newbie
  • *
  • Posts: 5
    • Hostking
Re: False-Positive report thread
« Reply #296 on: January 23, 2021, 02:29:37 PM »
WHMCS rule 212740 gives a 403 or 404 error when saving the general settings section of WHMCS:

[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php

Hostking| Since 2013 | South Africa  | Secure Web hosting
Domains • Shared • Reseller • VPS • Backups • cPanel

Offline Azurel

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #297 on: May 14, 2021, 07:17:55 AM »
I get banned because of rule id 212740, as @azizarnold reported in the previous post, but for another reason. The reason is that "html/text" is part of this URL: /text/htmlcheck

Message: Access denied with code 403 (phase 2). Pattern match "image\\/svg\\+xml|text\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\/x-shockwave-flash" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.example.com|F|2"] [data "Matched Data: text/htmlc found within REQUEST_URI: /folder1/folder2/folder3/text/htmlcheck"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"]
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xx.xx.xx.xx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\\\\\/svg\\\\\\\\+xml|text\\\\\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\\\\\/x-shockwave-flash" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.example.com|F|2"] [data "Matched Data: text/htmlc found within REQUEST_URI:/folder1/folder2/folder3/text/htmlcheck"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.example.com"] [uri "/folder1/folder2/folder3/text/htmlcheck"] [unique_id "YJ5ZWkc7mqFe2lF7rRPWkAAAAU0"]
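
To see exactly why the two reports above (the WHMCS e-mail template and the /text/htmlcheck URL) trip rule 212740, the pattern printed in the log can be replayed locally. The following is an added example, not code from CWAF or ModSecurity: it uses the regex exactly as logged, and assumes the rule runs with t:lowercase and t:removeWhitespace, which is inferred from the logged "Matched Data" (the WHMCS template appears as "<!doctypehtmlpublic", with whitespace stripped and lowercased). The sample requests are constructed to resemble the two reports; the data: URI payload is a generic XSS vector included only to check that a targeted exclusion does not switch detection off for real attacks.

```python
"""Replay CWAF rule 212740's regex against the inputs reported in this thread.

Added example, not CWAF or ModSecurity code. Assumptions: the transformations
(t:lowercase,t:removeWhitespace) are inferred from the logged Matched Data;
the sample requests are constructed, not captured traffic.
"""
import re

# Pattern as printed in the audit log (un-escaped once; \/ is a literal '/').
RULE_212740 = re.compile(
    r"image\/svg\+xml"
    r"|text\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet))."
    r"|.application\/x-shockwave-flash"
)


def transform(value: str) -> str:
    """Assumed t:lowercase,t:removeWhitespace, as the logged match data suggests."""
    return re.sub(r"\s+", "", value).lower()


def match_212740(value: str):
    """Return what ModSecurity would log as 'Matched Data', or None."""
    m = RULE_212740.search(transform(value))
    return m.group(0) if m else None


def evaluate(request: dict, removed_targets=()):
    """Run the rule over REQUEST_URI and each ARGS_POST:<name>.

    Targets listed in removed_targets are skipped, which models the effect of
    a ctl:ruleRemoveTargetById=212740;<target> exclusion for that request.
    Returns the (target, matched_data) pairs that would cause a 403.
    """
    hits = []
    targets = [("REQUEST_URI", request["uri"])]
    targets += [(f"ARGS_POST:{k}", v) for k, v in request.get("post", {}).items()]
    for name, value in targets:
        if name in removed_targets:
            continue
        matched = match_212740(value)
        if matched:
            hits.append((name, matched))
    return hits


# Constructed requests modelled on the two reports above.
WHMCS_SAVE = {
    "uri": "/fpdw/fpdwad/configgeneral.php",
    "post": {"emailglobalheader": (
        '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">'
        '<html><head><meta http-equiv="Content-Type" '
        'content="text/html; charset={$charset}" /></head><body>')},
}
HTMLCHECK_GET = {"uri": "/folder1/folder2/folder3/text/htmlcheck"}
# Generic XSS vector (a data: URI) to confirm detection survives the exclusion.
DATA_URI_XSS = {
    "uri": "/search.php",
    "post": {"q": "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="},
}

if __name__ == "__main__":
    for req in (WHMCS_SAVE, HTMLCHECK_GET, DATA_URI_XSS):
        print(req["uri"], evaluate(req))
    # Dropping only the REQUEST_URI target clears the /text/htmlcheck hit ...
    print(evaluate(HTMLCHECK_GET, removed_targets={"REQUEST_URI"}))
    # ... but the rule still inspects POST arguments.
    print(evaluate(DATA_URI_XSS, removed_targets={"REQUEST_URI"}))
```

Two observations fall out of the replay. First, the trailing "." after the MIME-type alternation is why the log shows "text/htmlc" and "text/html;" rather than "text/html": the regex needs one more character, so a URL ending in exactly /text/html would not match but /text/htmlcheck does. Second, both reports are better handled with a per-target exclusion than by disabling 212740 outright: in ModSecurity 2.9 that is a phase-1 rule of the form SecRule REQUEST_URI "@beginsWith /folder1/folder2/folder3/text/htmlcheck" "id:<your id>,phase:1,pass,nolog,ctl:ruleRemoveTargetById=212740;REQUEST_URI" for the URL case, and the same construct with ctl:ruleRemoveTargetById=212740;ARGS_POST:emailglobalheader scoped to the WHMCS admin path for the template case (the rule id is a placeholder you choose from your local range). As the last print shows, the rule keeps matching a text/html data: URI in a POST argument after the URI target is removed.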

Offline azizarnold

  • Newbie
  • *
  • Posts: 5
    • Hostking
Re: False-Positive report thread
« Reply #298 on: August 11, 2021, 02:38:38 AM »
Here are the 4 modsec rules we keep having to disable due to complaints. We checked and confirmed on over 15 servers that these are common issues.

220030
210380

Below seems to affect WHMCS

212740
211220

Everything seems okish once those are off.