nilshansen Posted 1 hour ago Posted 1 hour ago (edited) I am working with google oauth. The URL that is called by google seems to be blocked by heliohost. In the Web Application Firewall I added the security rule ID 210580, but that didn't help. From this forum post it seems like you need to adjust the rule on your side: https://helionet.org/index/topic/63233-solved-google-login-not-working-calling-a-403-error/ Would you be able to do that? My domain is https://knowledgebase.heliohost.us Here is the error [client 2a02:21b4:1a35:d800:7573:34c7:4ad9:cef7] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||knowledgebase.heliohost.us|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email openid https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "knowledgebase.heliohost.us"] [uri "/api/auth/callback/google"] [unique_id "aK7wBxk6NpbxASBBcBFsRQAAAU8"] Edited 1 hour ago by nilshansen Quote
wolstech Posted 1 hour ago Posted 1 hour ago I think this has happened before...Krydos can exclude it. Escalating. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.