ModSecurity false-positive with ConfigServer cXs ModSecurity rule

mttdl

• September 15, 2020 02:39

Hello, into my server I have many cases of false-positive, how can I solve? (one hundred by hours sometimes). I searched online but nothing, this is a case of false-positive. Thanks for support. Matteo This is a sample: " Scanning web upload script file... Time : Mon, 14 Sep 2020 09:48:58 +0200 Web referer URL : Local IP : 185.31.65.34 Web upload script user : nobody (99) Web upload script owner: () Web upload script path : /home/---/public_html/2020 Web upload script URL :

• 

  GOT

  • September 15, 2020 15:35

  Only thing to do really is disable the rule that is triggering the false positive. Go to modsecurity tools, and search the logs for the IP that is causing the hit, then use the rule number to search in the rules list and there you can disable the rule.

  0
• 

  keat63

  • September 15, 2020 18:10

  Mod security doesn't work for everyone straight out of the box. I guess each domain/server is different. Different software etc may trigger different results. I agree with @GOT You'll probably have to disable a few rules to fine tune it for your needs.

  0
• 

  cPanelLauren

  • September 15, 2020 23:51

  As has been said already, like almost everything ModSecurity and custom rulesets need to be tweaked to suite your preferences. You may want to contact ConfigServer for issues with their ruleset as well.

  0

Please sign in to leave a comment.