False Positive #1 ( Prestashop script )

ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:[\\r \”'+/`]style[\\r +/]{0,}?=.{0,}([:=]|(&#x{0,1}0{0,}((58)|(3A)|(61)|(3D));{0,1})).{0,}?([(\\\\]|(&#x{0,1}0{0,}((40)|(28)|(92)|(5C));{0,1})))" at ARGS:description_2.

[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “1117”]

[id “213100”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”]

[data “Matched Data: style=\x22float: right;\x22 title=\x22eliquid diamondmist\x22 src=\x22http://www.ecigarros.pt/img/cms/flavoureliq_1.jpg\x22 alt=\x22eliquid diamondmist\x22 width=\x22218\x22 height=\x22439\x22 />

Nicotina – é uma substância estimulante e viciante do cigarro convêncional. A Diamond Mist oferce uma larga gama de teores para esta substância.

Aromatizantes – A nicotina por si s&oacute…”]

[uri “/vipadmin/index.php”]

Thanks for your feedback.
You may exclude rule 213100 by Comodo WAF Plugin/Catalog/Global config Search By Rule Id.

False Positive #2

ModSecurity: Access denied with code 403 (phase 2). Pattern match “\\.fromcharcode\\b” at ARGS:txt_l1.

[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “807”]

[id “212710”] [msg “COMODO WAF: Cross-site Scripting (XSS) Attack”]

[data “Matched Data: .fromcharcode found within ARGS:txt_l1: <p align=\x22center\x22 style=\x22text-align: center\x22><span style=\x22font-size: xx-large\x22><font color=\x22#ff6600\x22 style=\x22background-color: #ffffff\x22><font face=\x22arial, helvetica, sans-serif\x22>mascarilha apoio ao cliente
<font face=\x22arial, helvetica, sans-serif\x22 color=\x22#000000\x22>21 096 6480 10h às 19h

<font size=…”]

[severity “CRITICAL”] [uri “/bo/frames/textos/editar_texto2.php”]

Please, use the form https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html

Thank you.