marvelousaare Posted December 31, 2024

Each time someone tries to log in using Google on my site, it calls an error with this log notice:

[client 105.112.210.126] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||akaites.com.ng|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "akaites.com.ng"] [uri "/auth/callback/google"] [unique_id "Z3RsB8yoZ5CO4oi1cFte6QAAAog"], referer: https://accounts.google.com/

wolstech Posted December 31, 2024

Looks like a false positive by modsecurity due to the Google URL containing ".profile". The URL for the API endpoint is https://www.googleapis.com/auth/userinfo.profile

Not sure if there's a way to exclude things from this or not. Krydos will need to look at it.

Krydos Posted January 1, 2025

Rule number 210580 has been disabled on the domain akaites.com.ng. Does it work now?
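
The false positive in this thread comes from one argument (`ARGS:scope`) on one path (`/auth/callback/google`), so an exclusion can be scoped to exactly that instead of switching the rule off for the whole domain. The fragment below is an added example, not configuration posted by anyone in the thread or taken from the host. It assumes ModSecurity 2.x on Apache with the Comodo rule set from the log; the `VirtualHost` layout and rule id `1000001` are constructed placeholders.

```apache
# Added example. Rule id 1000001 is a constructed placeholder; pick any id
# that is unused in your local rule range.

# Broad form (shown commented out): removes rule 210580 for every request to
# the virtual host, so its OS-file-access check no longer runs anywhere on
# the site. The VirtualHost block here is an assumed layout.
# <VirtualHost *:443>
#     ServerName akaites.com.ng
#     SecRuleRemoveById 210580
# </VirtualHost>

# Narrow form: rule 210580 stays active site-wide. Only on the OAuth callback
# path does it stop inspecting the "scope" argument, which legitimately
# carries https://www.googleapis.com/auth/userinfo.profile.
# This rule runs in phase 1, so the ctl action is in place before rule 210580
# is evaluated in phase 2 (the phase reported in the log entry).
SecRule REQUEST_FILENAME "@streq /auth/callback/google" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveTargetById=210580;ARGS:scope"
```

With the narrow form, a request carrying `.profile` in any other argument or on any other path is still blocked by rule 210580.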