Author Topic: More WHMCS Woes  (Read 1662 times)

Offline markb1439

  • Comodo Member
  • **
  • Posts: 38
More WHMCS Woes
« on: September 10, 2014, 04:21:32 PM »
Hi,

We're still having issues in WHMCS, for example we can't embed videos in knowledge base articles. We get a 403 when saving the article. I'm trying to isolate the rule(s) in question.

Is there any progress toward general WHMCS fixes (for the various false positives)?

Thanks,

Mark

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 370
Re: More WHMCS Woes
« Reply #1 on: September 10, 2014, 06:19:00 PM »
Hi Mark,

we are already working on this. If you have collected any info about WHMCS false positives (rule ids, logs, etc.) please submit it to me.

Thank you.

Offline mrdebian

  • Newbie
  • *
  • Posts: 4
Re: More WHMCS Woes
« Reply #2 on: December 02, 2020, 09:52:14 AM »
So many years ago and WHMCS still not working with Comodo rules. Plenty of false rules.
Example rules:

211220
212740

Both throw 403 errors when you try to save something in WHMCS backend.

Is there a solution on this?

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: More WHMCS Woes
« Reply #3 on: December 11, 2020, 05:16:17 PM »
So many years ago and WHMCS still not working with Comodo rules. Plenty of false rules.
Example rules:

211220
212740

Both throw 403 errors when you try to save something in WHMCS backend.

Is there a solution on this?
Please provide modsec_audit.log parts for these events.
Please post it in the false positive thread.

Offline azizarnold

  • Newbie
  • *
  • Posts: 5
    • Hostking
Re: More WHMCS Woes
« Reply #4 on: January 23, 2021, 02:27:47 PM »
We had a whmcs customer with the exact same issue.
Had to disable rule 212740

Code: [Select]
[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php
Hope that helps
Hostking| Since 2013 | South Africa  | Secure Web hosting
Domains • Shared • Reseller • VPS • Backups • cPanel

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek