Facebook
Twitter
Azurel
Silver Pleskian
In subscription error_log I found this kind of entries:
Without the query string, however, this is not very helpful to be able to look up what the attack was or even to be able to change some of your parameters because false positive.
Is here a setting to add query string behind "[uri ...]"?
Code:
[Thu Apr 23 12:46:58.707718 2020] [:error] [pid 23156] [client 2600:.....:c6cb] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "253"] [id "33340149"] [rev "152"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potential Cross Site Scripting Attack"] [data "shell:"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:< ?i?frame ?src ?= ?(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:\\\\.add|\\\\@)import |asfunction\\\\:|background-image\\\\:|e(?:cma|xec)script|\\\\.fromcharcode|get(?:parentfolder|specialfolder)|\\\\.innerhtml|\\\\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s| ..." at REQUEST_URI. [hostname "www.example.com"] [uri "/path1/path2/"] [unique_id "Xq....AE"]Without the query string, however, this is not very helpful to be able to look up what the attack was or even to be able to change some of your parameters because false positive.
Is here a setting to add query string behind "[uri ...]"?
