4

I use mod_security with the WAF Basic Rules by Atomicorp.com on my Apache webserver. It prevents me from doing a POST of a form, containing an URI.

For example, if I POST https://example.com/demo via form, there a 403 Forbidden error occures.

This is my Apache log file:

"/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "207"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] [hostname "*****.de"] [uri "/admin/"] [unique_id "*****"]

Can I just deactivate the rule with the ID 340162 or is there any other solution (maybe even without JavaScript)? I do not think that this rule is very important for me, because I am not a beginner programmer and does not have any eval(file_get_contents($_GET['url'])); or something other of this sort in my code ;-)

Richard
  • 2,840
  • 3
  • 25
  • 37
  • You can disable the rules per application based on the following link: https://www.atomicorp.com/wiki/index.php/Mod_security – Phani May 27 '15 at 17:48
  • @Phani: Yes, I have it disabled already for my application and it works fine. But my problem is, that it is a very important feature in my software to POST URIs. I just want to know, if I can pass this rule - and if yes how exactly - by masking URI in a simple way. – Richard May 27 '15 at 17:52
  • Then you may want to look at customizing rules section on the above link. – Phani May 27 '15 at 17:54

1 Answers1

2

In Plesk 12 you can go to Tools & Settings > Web Application Firewall (ModSecurity) and insert rule_id 340162 next to Security rule IDs (below Switch off security rules).

Juukie14
  • 168
  • 1
  • 5