Open MariuszMilka opened 3 months ago
Hi @MariuszMilka,
I think that's a normal behavior.
ModSecurity is a WAF engine: it splits the request into several parts. The decision is in hand of rule set.
The expected action in this case to create an exclusion against the rule, something like this:
SecRule REQUEST_URI "@beginsWith /your/uri/which/not/seems/here" \
"id:10000,\
phase:1,\
t:none,\
pass,
ctl:ruleRemoveTargetById=35001;REQUEST_HEADERS:User-Agent"
Put this rule before your ruleset, I hope this will solve your problem.
I have ModSecurity installed and configure by my hosting provider. Today I tried to refresh blank preview image of a link I posted on facebook. But Facebook Sharing Debugger kept giving me 403 response code. Then I found Modsecurity log telling me the request was blocked by the 350001. I temporarily switched off the rule and everything works. But I guess the same rule blocks many other boths that are actually bad, so please fix it, so I can re-activate it.