, "SessionID Parameter Name with No Referer", phpsessid found within..

Hello, in Czech republic, is the biggest search engine beside Google.
I see it was blocked by the Comodo Mod Security rule with severity “CRITICAL”. As a noob, i do not see any critical danger out of this robot visit. And also see no problem with SessionID being visited directly. Some CMS is “wrongly” programmed to show session ID and when someone copy the address bar URL with session ID and publish it somewhere, then innocent visitors will be blocked?

--fbfe0225-A-- [07/Sep/2017:09:58:52 +0000] WbEYXJteQx0AAGjlsIkAAAAW 28206 80 --fbfe0225-B-- GET /forum/index.php?PHPSESSID=02d4b5571c0423ad0cd907aaebe712b0&action=help;area=board_index HTTP/1.1 Host: Accept: */* Accept-Language: cs User-Agent: Mozilla/5.0 (compatible; SeznamBot/3.2; + Accept-Encoding: gzip, deflate If-Modified-Since: Sat, 19 Aug 2017 05:48:33 GMT Connection: keep-alive

HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 119
Keep-Alive: timeout=8, max=170
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1


Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file “/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf”] [line “47”] [id “211180”] [rev “2”] [msg “COMODO WAF: Session Fixation: SessionID Parameter Name with No Referer|||F|2”] [data “Matched Data: phpsessid found within REQUEST_HEADERS: 0”] [severity “CRITICAL”] [tag “CWAF”] [tag “Generic”]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php5
Stopwatch: 1504778332555468 35457 (- - -)
Stopwatch2: 1504778332555468 35457; combined=983, p1=650, p2=177, p3=0, p4=0, p5=117, sr=75, sw=39, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (; CWAF_Apache.
Server: Apache
Engine-Mode: “ENABLED”

–fbfe0225-Z-- :P0l

please, exclude rule 211180.
I need to know if you use some kind of web-host management system. I mean cPanel, Plesk, DirectAdmin. Or if use standalone installation.

Thx, i am using cPanel. If you mean to disable this rule, i just disabled it. But i am looking to have it enabled to get rid of bad bots. Might be good if the rule can be tweaked not to cause this possible false positive so i can enable it again. thx