Possible a False Positive

_0M0D0 · October 27, 2015, 6:07pm

I have installed PHPMyAdmin in one server where the WAF is installed.

One action that WAF blocks is when I upload a MySQL file.

So my question is, what do I need to provide you in order to fix this possible false positive?
Where should I start looking (in logs)? I have looked into mod sec_audit.log and it shows something there. Should I sent it to you?

Thanks in advance for the help.

TDmitry · October 28, 2015, 11:31am

You can take last entry from audit_log starting from “A” part and paste it here.

_0M0D0 · October 28, 2015, 3:05pm

Alright, thank you for the tip.

I have posted (PM) the audit_log as per your request.

oleg.tsygany · October 29, 2015, 8:42am

Thank you for info provided.

We will check it and fix rule ASAP.

Regards, Oleg

_0M0D0 · November 9, 2015, 2:58pm

Was this already fixed?

TDmitry · November 9, 2015, 4:10pm

I have send you PM message with recommendations, because this is private issue.