Jump to content

Recommended Posts

Posted

Hello, I am getting a 403 Forbidden error due to a modsecurity false positive when users return to my site from google oauth login.

The Comodo WAF Rule ID 210580 gets triggered because google's callback url legitimately contains "userinfo.profile" in the scope parameter, which the firewall mistakes for an os file access attempt.

domain: tobacom.helioho.st

url: /api/googleauth

could you please whitelist this rule for my domain? thanks

full error:
ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||tobacom.helioho.st|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "tobacom.helioho.st"] [uri "/api/googleauth"] [unique_id "aaRzqb0uOZk8uLSVyn3AywAAA40"], referer: https://accounts.google.com/

Posted

This support request is being escalated to our root admins.

Posted

You can disable modsecurity rules yourself.

1. Login at https://heliohost.org/login/
2. Click Continue to Plesk.
3. Click Websites & Domains in the left navigation pane.
4. Click your domain to expand the view.
5. Click the Dashboard tab along the top.
6. Click Web Application Firewall icon in the bottom right corner.
7. Type the ID "210580" into the Security rules IDs box (without the quotes).
8. Click ok at the bottom of the screen.
9. Wait for up to 2 hours for Apache to restart.

Let us know if you run into any issues with the above process.

  • Thanks 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...