marvelousaare Posted December 31, 2024
Each time someone tries to log in using Google on my site, it calls an error with this log notice:
[client 105.112.210.126] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||akaites.com.ng|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "akaites.com.ng"] [uri "/auth/callback/google"] [unique_id "Z3RsB8yoZ5CO4oi1cFte6QAAAog"], referer: https://accounts.google.com/
wolstech Posted December 31, 2024
Looks like a false positive by modsecurity due to the Google URL containing ".profile". The URL for the API endpoint is https://www.googleapis.com/auth/userinfo.profile
Not sure if there's a way to exclude things from this or not. Krydos will need to look at it.
Krydos Posted Wednesday at 05:00 AM
Rule number 210580 has been disabled on the domain akaites.com.ng. Does it work now?
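
A narrower alternative to turning rule 210580 off for the whole domain, shown as an added example that is not part of the thread or of the host's configuration: parse the denial line and emit a ModSecurity v2 exclusion that removes only ARGS:scope from the rule, and only on the callback path. The function names and the local rule id 1000001 are constructed for illustration, and the sketch assumes the logged [uri] equals REQUEST_FILENAME.

```python
import re

# Error-log line from the first post, shortened to the fields used here.
SAMPLE = (
    'ModSecurity: Access denied with code 403 (phase 2). '
    'Matched phrase ".profile" at ARGS:scope. '
    '[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] '
    '[line "57"] [id "210580"] [rev "2"] '
    '[msg "COMODO WAF: OS File Access Attempt||akaites.com.ng|F|2"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "Other"] '
    '[hostname "akaites.com.ng"] [uri "/auth/callback/google"]'
)

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')         # [key "value"] pairs
TARGET_RE = re.compile(r'\bat ([A-Z_]+(?::\S+?)?)\.(?= \[|$)')  # "... at ARGS:scope."


def parse_denial(line):
    """Extract rule id, request path and matched variable from one denial line."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)          # keep first value; "tag" repeats
    target = TARGET_RE.search(line)
    return {
        "rule_id": fields.get("id"),
        "uri": fields.get("uri"),
        "hostname": fields.get("hostname"),
        "target": target.group(1) if target else None,
    }


def exclusion_for(denial, local_id):
    """Return a ModSecurity v2 rule that removes only the matched variable
    from the triggering rule, and only for the denied path."""
    rule_id, uri, target = denial["rule_id"], denial["uri"], denial["target"]
    # Log fields carry request data, so validate before writing them into config.
    if not (rule_id and re.fullmatch(r"\d+", rule_id)):
        raise ValueError("missing or non-numeric rule id")
    if not (uri and re.fullmatch(r"/[A-Za-z0-9._~/-]*", uri)):
        raise ValueError("missing or unsafe uri")
    if not (target and re.fullmatch(r"[A-Z_]+(:[A-Za-z0-9_.-]+)?", target)):
        raise ValueError("missing or unsafe target")
    return (f'SecRule REQUEST_FILENAME "@streq {uri}" '
            f'"id:{local_id},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={rule_id};{target}"')


if __name__ == "__main__":
    print(exclusion_for(parse_denial(SAMPLE), 1000001))  # constructed local rule id
```

The generated rule runs in phase 1 so the target is removed before rule 210580 evaluates in phase 2; every other argument and every other path stays covered by the rule.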