Jump to content

Search the Community

Showing results for tags 'modsecurity'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • General Discussion
    • Website Management and Coding
    • Technology and the Internet
    • Philosophy, Politics, and Science
    • Art and Entertainment
    • Other Discussion
  • HelioHost
    • Questions
    • Customer Service
    • How You Can Help
  • HelioNet
    • News
    • Contact HelioNet

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Skype

Location

Interests

Found 1 result

  1. tobacom
    Hello, I am getting a 403 Forbidden error due to a modsecurity false positive when users return to my site from google oauth login. The Comodo WAF Rule ID 210580 gets triggered because google's callback url legitimately contains "userinfo.profile" in the scope parameter, which the firewall mistakes for an os file access attempt. domain: tobacom.helioho.st url: /api/googleauth could you please whitelist this rule for my domain? thanks full error: ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||tobacom.helioho.st|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "tobacom.helioho.st"] [uri "/api/googleauth"] [unique_id "aaRzqb0uOZk8uLSVyn3AywAAA40"], referer: https://accounts.google.com/
×
×
  • Create New...