Free Modsecurity rules - Comodo Web Application Firewall / Re: False-Positive report thread
« Last post by azizarnold on Today at 02:29:37 PM »
WHMCS rule 212740 giving 403 or 404 error when saving general settings section of WHMCS:
[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?
?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php
