
My websites are getting serious downtime, and my users are complaining a lot.

I keep getting the following error from the hosted server in the log.

[Tue Jun 11 00:53:31.161600 2019] [:error] [pid 110055:tid 140662619748096] [client IP] ModSecurity: Warning. Pattern match "^POST$" at REQUEST_METHOD. [file "/opt/mod_security/hg_rules.conf"] [line "1421"] [id "9009999"] [msg "8 char spam"] [hostname "hostname"] [uri "url"] [unique_id "unique id"], referer: url

I could not find any solution on Google, so I'm here. PLEASE HELP ME!

JS

    var xhr = new XMLHttpRequest();
    xhr.open("POST", "filename.php", true);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr.send(data);

PHP

    if (isset($_POST['requested_data'])) {
        // queries and echo
    }
Sarabjit
  • You need to ask your hosting provider for this rule (900999) and why it's failing. The only hint is the message they have set up for this rule ("8 char spam") but I can only guess what that means! I would guess this is a chained set of rules looking for POST requests (as shown in the error) AND some other requirement (not shown in this error as next rule (or rules) in the chain). – Barry Pollard Jun 11 '19 at 16:43

1 Answer

Obviously a ModSecurity rule in your "/opt/mod_security/hg_rules.conf" file of your web server. You might need to either comment out the rule if it's not needed or SecRuleUpdateTargetById 9009999 "!POST:/^matched pattern.*/" to whitelist the matched pattern.

user1978601
  • I'm using shared services from Hostgator, and they are saying they cannot whitelist it for me. – Sarabjit Jun 11 '19 at 13:07
  • [msg "8 char spam"] Do you know the meaning of this? – Sarabjit Jun 11 '19 at 13:22
  • It's only a description message to rule 900999, so Hostgator could send you details of the rule and the pattern it's trying to match. You can then modify your script based on the content of the rule, where they have refused to do a whitelist for you. – user1978601 Jun 11 '19 at 22:47
  • Thank you @user1978601, but they are providing me only the above-mentioned detail and I'm completely unaware of what I need to change in my script for that. – Sarabjit Jun 12 '19 at 14:53
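
Added example (not part of the original question or answers): a small Python parser for ModSecurity error-log lines in the format quoted in the question, grouping hits by rule id so the rule file, line, message, matched variable and affected URIs can be collected before contacting the hosting provider. The sample lines are constructed from the quoted entry, and the names `parse_line` and `summarize` are this example's own.

```python
import re

# Constructed sample lines modelled on the entry quoted in the question (placeholders kept).
SAMPLE_LOG = '''\
[Tue Jun 11 00:53:31.161600 2019] [:error] [pid 110055:tid 140662619748096] [client IP] ModSecurity: Warning. Pattern match "^POST$" at REQUEST_METHOD. [file "/opt/mod_security/hg_rules.conf"] [line "1421"] [id "9009999"] [msg "8 char spam"] [hostname "hostname"] [uri "url"] [unique_id "unique id"], referer: url
[Tue Jun 11 00:53:32.000000 2019] [:error] [pid 110055:tid 140662619748096] [client IP] ModSecurity: Warning. Pattern match "^POST$" at REQUEST_METHOD. [file "/opt/mod_security/hg_rules.conf"] [line "1421"] [id "9009999"] [msg "8 char spam"] [hostname "hostname"] [uri "other"] [unique_id "unique id 2"], referer: url
[Tue Jun 11 00:53:33.000000 2019] [core:error] [pid 110055] [client IP] File does not exist: /var/www/favicon.ico
'''

# Apache prefix, then "ModSecurity: <action>. <detail>" up to the first [key "value"] field.
HEADER = re.compile(
    r'^\[(?P<time>[^\]]+)\] \[[^\]]*\] \[pid [^\]]+\] \[client (?P<client>[^\]]+)\] '
    r'ModSecurity: (?P<action>[^.]+)\. (?P<detail>.*?)(?= \[\w+ ")')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [id "9009999"], [msg "..."], ...
MATCH = re.compile(r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)" at (?P<variable>\S+)\.$')

def parse_line(line):
    """Return a dict for a ModSecurity entry, or None for any other log line."""
    head = HEADER.match(line)
    if not head:
        return None
    entry = head.groupdict()
    entry.update(FIELD.findall(line))  # adds file, line, id, msg, hostname, uri, unique_id
    m = MATCH.search(entry["detail"])
    entry["pattern"] = m["pattern"] if m else None
    entry["variable"] = m["variable"] if m else None
    return entry

def summarize(log_text):
    """Group ModSecurity hits by rule id with count, msg, rule source, matches and URIs."""
    rules = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or "id" not in e:
            continue
        r = rules.setdefault(e["id"], {
            "count": 0, "msg": e.get("msg"), "matches": set(), "uris": set(),
            "source": f'{e.get("file")}:{e.get("line")}'})
        r["count"] += 1
        r["matches"].add((e["variable"], e["pattern"]))
        r["uris"].add(e.get("uri"))
    return rules

if __name__ == "__main__":
    for rule_id, info in summarize(SAMPLE_LOG).items():
        print(rule_id, info)
```
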