• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

mod security horde issue...

C

christleo

Guest
I've tried using my webmail and everytime i enter a invalid username/password i receive a page cannot be found....

Thu Dec 25 15:04:45 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/"] [unique_id "n6BWo38AAAEAAF0nrZQAAAAF"]
[Thu Dec 25 15:04:46 2008] [error] [client202.202.202.202] ModSecurity: Could not set variable "resource.alerted_960903_compression" as the collection does not exist. [hostname "webmail.xxxxxx.com"] [uri "/login.php"] [unique_id "n6Lycn8AAAEAAF0EoEYAAAAB"]
[Thu Dec 25 15:04:46 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/login.php"] [unique_id "n6Lycn8AAAEAAF0EoEYAAAAB"]
[Thu Dec 25 15:05:07 2008] [error] [client202.202.202.202] ModSecurity: Could not set variable "resource.alerted_960903_compression" as the collection does not exist. [hostname "webmail.xxxxxx.com"] [uri "/imp/redirect.php"] [unique_id "n-9DM38AAAEAAF1CsQoAAAAG"]
[Thu Dec 25 15:05:07 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/imp/redirect.php"] [unique_id "n-9DM38AAAEAAF1CsQoAAAAG"]


I believe that modsecurity is preventing this....

any idea how to disable or fix this issue?
 
everything was default install...

running in a virtuozzo plesk
 
When you say default, you mean mod_security, right? I just want to be crystal clear on this. There are two solutions to this issue:

1. Add the entire domain to the modsec exclude conf
2. Disable the rule ID (960903) in modsec conf for the offending domain.
 
/etc/httpd/conf.d/modsecurity_crs_10_config.conf
/etc/httpd/conf.d/modsecurity_crs_20_protocol_violations.conf
/etc/httpd/conf.d/modsecurity_crs_21_protocol_anomalies.conf
/etc/httpd/conf.d/modsecurity_crs_30_http_policy.conf
/etc/httpd/conf.d/modsecurity_crs_35_bad_robots.conf
/etc/httpd/conf.d/modsecurity_crs_40_generic_attacks.conf
/etc/httpd/conf.d/modsecurity_crs_45_trojans.conf
/etc/httpd/conf.d/modsecurity_crs_50_outbound.conf
/etc/httpd/conf.d/modsecurity_crs_55_marketing.conf


I do not have exclude .conf

Here're all the modsecurity files
 
You're using the generic core rules, you have to manually tune those for your system. Or you can use my rules which have already been tuned for Plesk:

http://www.gotroot.com
 
You must log in or register to reply here.

Similar threads

Q
Issue mod security settings for nextcloud works only fo several hours
Replies
0
Views
769
Quit96
Q
N
Resolved ModSecurity / WCF call / 403
Replies
2
Views
1K
newbe
N
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
419
Linulex
Linulex
P
Issue my website not rendering in some countries due to modsecurity
Replies
0
Views
649
pointsriver
P
P
Question my website not rendering in some countries due to modsecurity
Replies
0
Views
542
pointsriver
P
Back
Top