Problems with ModSecurity

  • Resolved euchia

    (@euchia)


    4 months, 1 week ago

    Hi, I use your plugin on a lot of sites and, since some time, I saw a error_log row saying about a problemi with ModSecurity, in particular with the rule 214930

    [security2:error] [pid 27124:tid 47488182654720] [client x.x.x.x:43402] [client x.x.x.x] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/20_Outgoing_FiltersEnd.conf”] [line “35”] [id “214930”] [rev “1”] [msg “COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.xxx.com|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “FiltersEnd”] [hostname “www.xxx.com”] [uri “/wp-content/plugins/burst-statistics/endpoint.php”] [unique_id “ZpUr2-x2XVhlsV_cWw8nMQAAIRg”], referer: https://www.xxx.com/le-nostre-proposte/appartamento-f3

    I asket my hosting provider about it, and it says that is a rule that they cannot disable, because disabling this would means disable ModSecurity at all (all the outbound connections).

    Is there a solution? What this error implicate?

    • This topic was modified 4 months, 1 week ago by euchia.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    @euchia it’s not entirely clear from this message what the rule is that was triggered. You mention outbound connection, but the URL is located on your own server, not sure why this would count as an outbound connection?

    Maybe you can check that with the hosting provider. And if the hosting provider can tell us a bit more about why this rule was triggered, I can see if we can do anything about it.

    Thread Starter euchia

    (@euchia)

    Hi Rogier, sorry for the delay in replying to you but I didn’t receive the email notification.

    Anyway.

    I’ll try to check this with the provider, I’ll let you know.

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    @euchia today we are releasing a new version with an adjustment which might resolve this, but as I don’t know the rule that triggers this I can’t be sure.

    Thread Starter euchia

    (@euchia)

    Oh, thank you for the update, so I’ll check if this update solves it and I’ll let you know.

    In the meanwhile, I’m asking to the provider.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.