On an Apache-based web server, ModSecurity is enabled. Using my CodeIgniter code, I am storing the URL of a location from Google Maps. I have created a textbox in which only the URL part of the embed tag is required; the iframe tag is not required because it is hard-coded in the view.
Thus, I am trying to save the Google Maps location URL in a MySQL database through CodeIgniter code. The issue is that if ModSecurity is enabled on the server, I get the following error:
Forbidden
You don't have permission to access /UpdateContact on this server.
But if I disable ModSecurity and then try to submit the URL again, it works fine.
Please tell me how to solve this issue while keeping ModSecurity enabled on my web server.
UPDATE
modsec_audit.log says:
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+" at ARGS:gmap. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] .... Google Map Embed url ... [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2)
A simple solution is to remove rule number 981260 by its ID, but this will make the server prone to SQL injection attacks.
Is there any way out?
UPDATE: Issues are increasing as I am using it more.
"The BIPAP or Bi-level Positive Airway Pressure machine is a non-invasive machine that is used for people who are diagnosed with having sleep apnea where it helps them attain more air into their lungs while sleeping." and ModSecurity again blocks it, saying: "[id "981256"] [msg "Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections"] [data "Matched Data: having s found within ARGS:"
[id "959072"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: and 2 found within ARGS:product_metadesc: A drip stand typically is having a rolling base and 2 to 4 hooks in it to hold the bags or bottles of fluids."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
[id "973334"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: 't want to use western commode) \xe2\x80\xa2 Lid option \xe2\x80\xa2 Sturdy ( found within ARGS:descr: Toilet Converter helps in reducing the cost of installing a western commode and also saves time. It can be used anywhere on any Indian toilet. Features: \xe2\x80\xa2 Foldable (Provides convenience to other family members who don't want to use western commode) \xe2\x80\xa2 Lid option \xe2\x80\xa2 Sturdy (Additional support at the bottom to prevent falling) \xe2\x80\xa2 Rustproof (powder co..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
[id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: length ( found within ARGS:descr: Mackintosh sheet is a waterproof sheet made up of rubber. It provides an effective way to protect the mattress from water and other liquids while lying on a bed. It is used in hospital and home settings for the patients/ elders who are confined to bed due to any reason.\x0d\x0aFeatures:\x0d\x0a- Made up of soft rubber\x0d\x0a- Latex-free\x0d\x0a- Thin\x0d\x0a- Breathable\x0d\x0a- Washable \x0d\x0a- Available in roll length (1 meter)\x0d\x0a"] [severity "CRITICAL"]
[id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data: Upgrade-Insecure-Requests found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Pattern match "\b(?i:having)\b\s+(\d{1,10}|'[^=]{1,10}')\s*?[=<>]|(?i:\bexecute(\s{1,5}[\w\.$]{1,5}\s{0,3})?\()|\bhaving\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:(?:(select(.* ..." at ARGS:fpara. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "130"] [id "959070"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: from a stroke, Parkinson\xe2\x80\x99s disease or multiple sclerosis (MS).\x0d\x0aBones, Joints and Soft Tissues: This includes conditions such as back pain, shoulder pain, neck pain, and sports injuries.\x0d\x0aLungs and Breathing: This includes chronic obstructive pulmonary disease (COPD) and cystic fibrosis.\x0d\x0aHeart and Circulation: This includes rehabilitation after a heart attack.\x0d\x0a\x0d\x0aTo help you cope with the discomfort, we offer you physiotherapy treatments that are ai..."] [s
Pattern match "(?i:(?:[\s()]case\s*?\()|(?:\)\s*?like\s*?\()|(?:having\s*?[^\s]+\s*?[^\w\s])|(?:if\s?\([\d\w]\s*?[=<>~]))" at ARGS:desc. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "217"] [id "981241"] [msg "Detects conditional SQL injection attempts"] [data "Matched Data: having fractures, found within ARGS:desc: Super Doc Health Care has a wide range of walking aids, for the patients having fractures, paralysis, knee replacement, hip replacement."] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
I have checked the user input; it's just a normal paragraph written in English about a product. This is really bad. How do I get rid of it?
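For reference, here is a ModSecurity 2.x configuration fragment (an added example, not part of the question or of the OWASP CRS) that narrows each false-positive rule to skip only the form field it misfired on, instead of deleting the rule outright. The rule IDs, parameter names and the /UpdateContact URI are taken from the audit log above; the local rule ID 1000001 is an assumption.

```apache
# Load this after the OWASP CRS include so the referenced rule IDs already
# exist; SecRuleUpdateTargetById on an undefined ID is a startup error.

# 981260 ("SQL Hex Encoding Identified") matches the Google Maps embed URL
# because it contains a long hex-looking token. Exclude only ARGS:gmap from
# that rule; every other parameter is still inspected by it.
SecRuleUpdateTargetById 981260 "!ARGS:gmap"

# Free-text product description fields that tripped SQL-injection and XSS
# rules on ordinary English ("and 2", "length (", "from a stroke", "having
# fractures", bullet characters). Each line removes one parameter from one
# rule and nothing else.
SecRuleUpdateTargetById 959072 "!ARGS:product_metadesc"
SecRuleUpdateTargetById 950001 "!ARGS:descr"
SecRuleUpdateTargetById 973334 "!ARGS:descr"
SecRuleUpdateTargetById 959070 "!ARGS:fpara"
SecRuleUpdateTargetById 981241 "!ARGS:desc"
# 981256 matched "having s", but the log line above is cut off before the
# parameter name; add a matching line once that field is identified.
# 981317 is an anomaly alert driven by a TX counter, not by one parameter;
# re-check it after the exclusions above rather than excluding it by field.

# Tighter alternative: apply the ARGS:gmap exclusion only on the
# /UpdateContact request, via a runtime ctl action. Rule ID 1000001 is an
# assumed local ID (ModSecurity reserves 1-99999 for local rules).
SecRule REQUEST_URI "@beginsWith /UpdateContact" \
    "id:1000001,phase:1,pass,nolog,t:none,\
     ctl:ruleRemoveTargetById=981260;ARGS:gmap"
```

The excluded fields are no longer inspected by those rules, so the CodeIgniter side must still pass them to MySQL through query bindings or the Active Record/Query Builder escaping rather than string concatenation. Review the audit log again after reloading Apache to confirm only the intended rule/field pairs went quiet.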