Facebook
Twitter
- Server operating system version
- Windows Server 2016
- Plesk version and microupdate number
- 18.0.55 Update #2
Hi,
I have a WCF site, that can't be called when ModSecurity is on. Found the description below in the EventViewer. Can this be solved?
[client 46.39.122.103] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[^;\\s,]+[;\\s,].*?(?
?:application(?:\\/soap\\+|\\/)|text\\/)xml|application\\/(?:.+[+])?json)" at REQUEST_HEADERS:Content-Type. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "285"] [id "921421"] [msg "Content-Type header: Dangerous content type outside the mime type declaration"] [data "Matched Data: multipart/related; type=\x22application/xop+xml\x22;start=\x22<Info>\x22;boundary=\x22uuid:7bca3b2d-fd55-4ba6-92b4-c1ff6868453e+id=1\x22;start-info=\x22application/soap+xml found within REQUEST_HEADERS:Content-Type: multipart/related; type=\x22application/xop+xml\x22;start=\x22<Info>\x22;boundary=\x22uuid:7bca3b2d-fd55-4ba6-92b4-c1ff6868453e+id=1\x22;start-info=\x22application/soap+xml\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-l [hostname "REMOVED"] [uri "REMOVED"] [unique_id "15348267532226134832"]
I have a WCF site, that can't be called when ModSecurity is on. Found the description below in the EventViewer. Can this be solved?
[client 46.39.122.103] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[^;\\s,]+[;\\s,].*?(?
?:application(?:\\/soap\\+|\\/)|text\\/)xml|application\\/(?:.+[+])?json)" at REQUEST_HEADERS:Content-Type. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "285"] [id "921421"] [msg "Content-Type header: Dangerous content type outside the mime type declaration"] [data "Matched Data: multipart/related; type=\x22application/xop+xml\x22;start=\x22<Info>\x22;boundary=\x22uuid:7bca3b2d-fd55-4ba6-92b4-c1ff6868453e+id=1\x22;start-info=\x22application/soap+xml found within REQUEST_HEADERS:Content-Type: multipart/related; type=\x22application/xop+xml\x22;start=\x22<Info>\x22;boundary=\x22uuid:7bca3b2d-fd55-4ba6-92b4-c1ff6868453e+id=1\x22;start-info=\x22application/soap+xml\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-l [hostname "REMOVED"] [uri "REMOVED"] [unique_id "15348267532226134832"]
