[Rule ID 11089] / Google Bots

This rule blocks legitimate GoogleBots with a 403.

Very strange, Rule ID 11089 can’t block anything, could you post your logs?

2014-01-13 19:23:36 /?switch_grd=list&get_urls=https%3A%2F%2Fwww.cheapclerks.com%3A443%2Fsection%2Fmarketing-advertising%2F HTTP/1.1 www.cheapclerks.com [client] mod_security: Access denied with code 403, [Rule: ‘REQUEST_URI’ ‘=(?:data|gopher|ogg|php|zlib|(?:f|ht)tps{0,1})://’] [ID “11089”] [Msg “COMODO WAF: see rule description”] [severity “CRITICAL”] [MatchedString “/?switch_filter=views&get_urls=https://www.cheapclerks.com:443/section/internet-marketing/”]

Maybe not a rule torward Google Bots, probably a GET url ID but this is a legitimate site and a legitimate google bot.

It blocks file injection (URL in ARGs). Which web application is doing so? Hope we can add it as exception.