More WHMCS Woes

Hi,

We’re still having issues in WHMCS, for example we can’t embed videos in knowledge base articles. We get a 403 when saving the article. I’m trying to isolate the rule(s) in question.

Is there any progress toward general WHMCS fixes (for the various false positives)?

Thanks,

Mark

Hi Mark,

We are already working on this. If you have collected any info about WHMCS false positives (rule IDs, logs, etc.), please submit it to me.

Thank you.

So many years later and WHMCS is still not working with Comodo rules. Plenty of false rules.
Example rules:

211220
212740

Both throw 403 errors when you try to save something in WHMCS backend.

Is there a solution for this?

Please provide modsec_audit.log parts for these events.
Please post it in the false positive thread.

We had a WHMCS customer with the exact same issue.
Had to disable rule 212740.

[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php

Hope that helps
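
For collecting the rule IDs and log details requested earlier in the thread, here is an added example (not code from any poster or from Comodo) that parses ModSecurity denial lines in the Apache error-log format quoted above and groups 403s by rule ID, matched variable and URI. The sample log lines, file path, hostnames and the `kbarticle` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the error-log format quoted in the thread (values shortened).
SAMPLE_LOG = r'''
[Sat Jan 23 21:07:43 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:59421] ModSecurity: Access denied with code 403 (phase 2). Pattern match "text\\/html" at ARGS_POST:emailglobalheader. [file "/constructed/07_XSS_XSS.conf"] [line "69"] [id "212740"] [msg "COMODO WAF: XSS Attack Detected"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <metacontent=\\x22text/html\\x22>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.example.com"] [uri "/admin/configgeneral.php"] [unique_id "AAA1"]
[Sat Jan 23 21:09:02 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:59430] ModSecurity: Access denied with code 403 (phase 2). Pattern match "text\\/html" at ARGS_POST:emailglobalheader. [file "/constructed/07_XSS_XSS.conf"] [line "69"] [id "212740"] [msg "COMODO WAF: XSS Attack Detected"] [tag "CWAF"] [tag "XSS"] [hostname "www.example.com"] [uri "/admin/configgeneral.php"] [unique_id "AAA2"]
[Sat Jan 23 21:15:40 2021] [:error] [pid 1:tid 3] [client 192.0.2.11:40100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<iframe" at ARGS_POST:kbarticle. [file "/constructed/rules.conf"] [line "10"] [id "211220"] [msg "constructed message"] [tag "CWAF"] [hostname "www.example.com"] [uri "/admin/page.php"] [unique_id "AAA3"]
[Sat Jan 23 21:16:00 2021] [core:notice] [pid 1] AH00094: Command line: '/usr/sbin/apache2'
'''

# [key "value"] metadata fields; values may contain backslash escapes such as \\x22.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The matched variable sits between " at " and the first [file ...] field.
TARGET = re.compile(r' at (\S+)\. \[file ')
CODE = re.compile(r'ModSecurity: Access denied with code (\d{3})')

def parse_denial(line):
    """Return a dict for a ModSecurity denial line, or None for any other line."""
    code = CODE.search(line)
    if not code:
        return None
    event = {"code": int(code.group(1)), "tags": []}
    for key, value in FIELD.findall(line):
        if key == "tag":                 # a rule can carry several tags
            event["tags"].append(value)
        else:
            event.setdefault(key, value)
    target = TARGET.search(line)
    event["target"] = target.group(1) if target else None
    return event

def summarize(log_text):
    """Count 403 denials per (rule id, matched variable, URI), most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_denial(line)
        if ev and ev["code"] == 403:
            counts[(ev.get("id"), ev["target"], ev.get("uri"))] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (rule_id, target, uri), n in summarize(SAMPLE_LOG):
        print(f"{n:3d}  rule {rule_id}  {target}  {uri}")
```

The resulting rule/variable/URI triples show whether a false positive is confined to a single admin form field, which is the information needed to scope an exclusion narrowly instead of disabling a rule site-wide.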