tobacom Posted March 1 Posted March 1 Hello, I am getting a 403 Forbidden error due to a modsecurity false positive when users return to my site from google oauth login. The Comodo WAF Rule ID 210580 gets triggered because google's callback url legitimately contains "userinfo.profile" in the scope parameter, which the firewall mistakes for an os file access attempt. domain: tobacom.helioho.st url: /api/googleauth could you please whitelist this rule for my domain? thanks full error: ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||tobacom.helioho.st|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "tobacom.helioho.st"] [uri "/api/googleauth"] [unique_id "aaRzqb0uOZk8uLSVyn3AywAAA40"], referer: https://accounts.google.com/
Krydos Posted March 1 Posted March 1 You can disable modsecurity rules yourself. 1. Login at https://heliohost.org/login/ 2. Click Continue to Plesk. 3. Click Websites & Domains in the left navigation pane. 4. Click your domain to expand the view. 5. Click the Dashboard tab along the top. 6. Click Web Application Firewall icon in the bottom right corner. 7. Type the ID "210580" into the Security rules IDs box (without the quotes). 8. Click ok at the bottom of the screen. 9. Wait for up to 2 hours for Apache to restart. Let us know if you run into any issues with the above process. 1
Recommended Posts