lmsace / eguru

Eguru - a free responsive moodle theme developed by LMSACE

mod_security & comodo free ruleset breaks 2 rules and gives error 403 on site #32

Open dote78 opened 3 years ago

dote78 commented 3 years ago

Hello

Moodle 3.9 on CentOS 7 with Plesk Obsidian here. I have mod_security active with the Comodo free ruleset. After installing the latest eguru version, the site gives error 403, and the mod_security log reports these 2 incidents:

[Thu Nov 05 20:37:07.481138 2020] [:error] [pid 54390:tid 139851529025280] [client 79.155.66.23:36168] [client 79.155.66.23] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/16_Outgoing_FilterPHP.conf"] [line "20"] [id "214630"] [rev "1"] [msg "COMODO WAF: PHP source code leakage|||F|3"] [data "Matched Data: <? found within RESPONSE_BODY: <!DOCTYPE html>\x0a\x0d\x0a\x0d\x0a Learning - <mysiteurl>\x0d\x0a <link rel=\x22shortcut icon\x22 href=\x22https:///theme/image.php/eguru/theme/1604605020/favicon\x22 />\x0d\x0a \x0a<meta name=\x22keywords\x22 content=\x22moodle, Learning - \x22 />\x0a<li..."] [severity "ERROR"] [tag "CWAF"] [tag "FilterPHP"] Access denied with code 403 (phase 4). Match of "rx (?:\\b(?:gif|(?:cws|f(?:lv|ws)|i(?:d3|hdr|nterplay)|m(?:ovi|thd)|r(?:ar\\!|iff)|varg|(?:ex|jf)if)\\b)|B(?:%pdf|\\.ra)\\b)" against "RESPONSE_BODY" required. [hostname ""] [uri "/index.php"] [unique_id "X6RUYxIyQmgLew-jvd7RTgAAAEQ"], referer: https:///theme/index.php

[Thu Nov 05 20:37:07.481650 2020] [:error] [pid 54390:tid 139851529025280] [client 79.155.66.23:36168] [client 79.155.66.23] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4||F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Warning. Operator GE matched 4 at TX:outgoing_points. [hostname ""] [uri "/error_docs/forbidden.html"] [unique_id "X6RUYxIyQmgLew-jvd7RTgAAAEQ"], referer: https:///theme/index.php

It can be sorted by disabling rule id numbers 214630 and 214940 in mod_security, but it would be better if it could be sorted in development.

Thanks a lot

Fran
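For triaging entries like the two in this report, the following added example (not part of the original issue and not LMSACE or Comodo code) parses ModSecurity error-log lines, groups them by `unique_id`, and separates the rule that denied the request from rules that only logged a warning in the same transaction. The sample lines are constructed and shortened from the format shown above; the client address and `unique_id` values are placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the log format in the report (placeholder client and unique_id).
SAMPLE_LOG = r'''
[Thu Nov 05 20:37:07.481138 2020] [:error] [pid 1:tid 2] [client 203.0.113.5:36168] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/16_Outgoing_FilterPHP.conf"] [line "20"] [id "214630"] [rev "1"] [msg "COMODO WAF: PHP source code leakage|||F|3"] [data "Matched Data: <? found within RESPONSE_BODY: <!DOCTYPE html>..."] [severity "ERROR"] [tag "CWAF"] [tag "FilterPHP"] Access denied with code 403 (phase 4). [hostname ""] [uri "/index.php"] [unique_id "CONSTRUCTED-ID-0001"]
[Thu Nov 05 20:37:07.481650 2020] [:error] [pid 1:tid 2] [client 203.0.113.5:36168] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4||F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Warning. Operator GE matched 4 at TX:outgoing_points. [hostname ""] [uri "/error_docs/forbidden.html"] [unique_id "CONSTRUCTED-ID-0001"]
[Thu Nov 05 20:37:08.000000 2020] [core:notice] [pid 1:tid 2] unrelated server message
'''.strip()

FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')                      # [key "value"] pairs
DENIED = re.compile(r'Access denied with code (\d+) \(phase (\d)\)')

def parse_line(line):
    """Return a dict for one ModSecurity entry, or None for other log lines."""
    if 'ModSecurity:' not in line:
        return None
    event = {'tags': []}
    for key, value in FIELD.findall(line):
        if key == 'tag':
            event['tags'].append(value)    # tags repeat, so keep all of them
        else:
            event[key] = value
    denied = DENIED.search(line)           # position in the line varies, so search anywhere
    event['action'] = 'deny' if denied else 'warn'
    event['status'] = int(denied.group(1)) if denied else None
    event['phase'] = int(denied.group(2)) if denied else None
    return event

def group_by_transaction(log_text):
    """Map unique_id -> list of parsed entries, in log order."""
    txns = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and 'unique_id' in event:
            txns[event['unique_id']].append(event)
    return dict(txns)

def summarize(txns):
    """Per transaction: rule ids that denied it, rule ids that only warned, URIs seen."""
    return {
        uid: {
            'blocking': [e['id'] for e in events if e['action'] == 'deny'],
            'follow_on': [e['id'] for e in events if e['action'] == 'warn'],
            'uris': sorted({e.get('uri', '') for e in events}),
        }
        for uid, events in txns.items()
    }

if __name__ == '__main__':
    for uid, info in summarize(group_by_transaction(SAMPLE_LOG)).items():
        print(uid, info)
```

On the sample, 214630 is reported as the blocking rule and 214940 as a warning logged for the same transaction, which is the relationship visible in the two entries quoted in the report.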