modsecurity false positive (rule id: 210580) on google oauth response

[tobacom]

Hello, I am getting a 403 Forbidden error due to a modsecurity false positive when users return to my site from google oauth login.

The Comodo WAF Rule ID 210580 gets triggered because google's callback url legitimately contains "userinfo.profile" in the scope parameter, which the firewall mistakes for an os file access attempt.

domain: tobacom.helioho.st

url: /api/googleauth

could you please whitelist this rule for my domain? thanks

full error:
ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||tobacom.helioho.st|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "tobacom.helioho.st"] [uri "/api/googleauth"] [unique_id "aaRzqb0uOZk8uLSVyn3AywAAA40"], referer: https://accounts.google.com/

[KazVee]

This support request is being escalated to our root admins.

[Krydos]

You can disable modsecurity rules yourself.

1. Login at https://heliohost.org/login/
2. Click Continue to Plesk.
3. Click Websites & Domains in the left navigation pane.
4. Click your domain to expand the view.
5. Click the Dashboard tab along the top.
6. Click Web Application Firewall icon in the bottom right corner.
7. Type the ID "210580" into the Security rules IDs box (without the quotes).
8. Click ok at the bottom of the screen.
9. Wait for up to 2 hours for Apache to restart.

Let us know if you run into any issues with the above process.