Closed mgiammarco closed 3 years ago
Hi @mgiammarco,
This is what we call a "false positive". Unfortunately, OWASP CRS doesn't have exclusion rules for "odoo" in their repository. Here are some alternatives:
More info:
Anyway, I keep this open because we need to improve the documentation with detailed guidance on how to resolve this kind of common problem.
Closing this because there are some tips about ModSecurity FP handling in the documentation.
Hello, I have enabled web security with OWASP rules to protect an "odoo" ERP installation. Simply browsing it I get this error:

```
ModSecurity: Access denied with code 403 (phase 4). Matched "Operator `Ge' with parameter `4' against variable `TX:OUTBOUND_ANOMALY_SCORE' (Value: `4' ) [file "/opt/owasp/crs/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "68"] [id "959100"] [rev ""] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [data ""] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "192.168.96.3"] [uri "/web/dataset/call_kw/calendar.event/load_views"] [unique_id "161773279369.250424"] [ref ""] while sending to client, client: 151.36.150.198, server: odoo.xxxx-group.it, request: "POST /web/dataset/call_kw/calendar.event/load_views HTTP/2.0", upstream: "http://xxx.yy.235.253:10080/web/dataset/call_kw/calendar.event/load_views", host: "odoo.xxxx-group.it:20443"
mywww_1 | 2021/04/06 18:13:14 [alert] 1609#1609: *9 header already sent while sending to client, client: 151.36.150.198, server: odoo.xxxx-group.it, request: "POST /web/dataset/call_kw/calendar.event/load_views HTTP/2.0", upstream: "http://157.90.235.253:10080/web/dataset/call_kw/calendar.event/load_views", host: "odoo.xxxx-group.it:20443"
```

Is it my fault, a problem in bunkerity, or in the OWASP rules? Thanks in advance for any help, Mario
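An added example of the kind of ModSecurity exclusion the maintainer's reply points at (this is not the project's or the CRS repository's own rule set). Note that rule 959100 in the log above is only the outbound anomaly-score evaluation; the rule that actually scored the 4 points is a separate response-phase rule that has to be read from the error log entry just before it. The id 953100 below is therefore a placeholder assumption, as are the rule ids 10001/10002 and the bunkerized-nginx mount path `/modsec-crs-confs/` for files loaded before the CRS.

```apache
# Added example, not code from the bunkerized-nginx project or from OWASP CRS.
# Run-time exclusions (ctl: actions) must be loaded BEFORE the CRS rules, e.g. in
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf; ids 1-99999 are reserved for them.
# In bunkerized-nginx this is assumed to be a file mounted under /modsec-crs-confs/.

# 1. Targeted exclusion: disable only the rule that produced the outbound score,
#    and only for Odoo's JSON-RPC endpoints. Replace 953100 with the id found in
#    the error log line preceding the 959100 entry (953100 is a placeholder).
SecRule REQUEST_URI "@beginsWith /web/dataset/call_kw/" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=953100"

# 2. Coarser alternative: skip response-body inspection for that path entirely.
#    Phase 4 can then no longer block these responses, which also removes the
#    nginx "header already sent" alert, at the cost of losing outbound leakage
#    detection for this path only.
SecRule REQUEST_URI "@beginsWith /web/dataset/call_kw/" \
    "id:10002,\
    phase:1,\
    pass,\
    nolog,\
    ctl:responseBodyAccess=Off"

# Avoid: raising the global outbound threshold (CRS setup rule 900110) silences
# real data-leak detections on every path, not just the false positive.
# SecAction "id:900110,phase:1,pass,nolog,setvar:tx.outbound_anomaly_score_threshold=100"
```

Use only one of the two rules (prefer the first). After reloading, replay the same `POST /web/dataset/call_kw/calendar.event/load_views` request and confirm the error log no longer shows a 959100 match for that URI; if another rule id appears, it belongs in the `ctl:ruleRemoveById` list rather than being cause to widen the exclusion.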