PrestaShop (ecommerce) and mod_security - legitimate IP blocked
Hello all,
I have a PrestaShop (ecommerce) installed and I have activated mod_security.
Soon even my IP was blocked. Browsing other forums, I saw some reasoning that it is due to multiple AJAX calls.
How can I fix this? I would like to have mod_security activated.
Thank you,
Daniel
Please share some error logs if any modsec rule was triggered.
Hello @kodeslogic
Those 3 lines are repeating a zillion times.
I was too clueless and I have loaded the Comodo Apache rule set and now it's not happening anymore. But I would like to go back to OWASP... I guess that it's better. Please tell me where else I should look. What should I do?
Thank you,
Daniel

2021-05-09 20:40:17 www.dioda.ro 79.119.87.63 CRITICAL 403 941120: XSS Filter - Category 2: Event Handler Vector
Request: GET /lampa-uv-c-sterilizare-bactericida/21155-mini-lampa-uv-c-dezinfectare-14mili-watt.html
Action Description: Warning.
Justification: Pattern match "(?i)([\\s\"'`;\\/0-9\\=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]+on[a-zA-Z]+[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=)" at REQUEST_COOKIES:PrestaShop-d3c46ede3e5104ffd311a97956e5ce0e.

2021-05-09 20:40:17 www.dioda.ro 79.119.87.63 CRITICAL 403 949110: Inbound Anomaly Score Exceeded (Total Score: 5)

2021-05-09 20:40:17 www.dioda.ro 79.119.87.63 403 980130: Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector
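
An added triage example, not part of the thread and not code from PrestaShop or either rule set: it pulls the rule ID and matched target out of hit lines laid out like the ones above, and shows that the 941120 pattern quoted in the log can fire on an opaque cookie value that contains no markup. The host, IP, cookie name and cookie values are constructed placeholders; `SecRuleUpdateTargetById` is ModSecurity's directive for removing one target from one rule, and the line the script prints is a candidate to review before use.

```python
import re
from collections import Counter

# Pattern from the 941120 hit quoted in the thread, with the log's doubled
# backslashes unescaped.
RULE_941120 = re.compile(
    r"(?i)([\s\"'`;\/0-9\=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+"
    r"[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=)"
)

# "<status> <rule id>: ... at <COLLECTION>:<name>" as laid out in the hit list.
HIT = re.compile(r"\b\d{3} (?P<rule>\d{6}): .*? at (?P<coll>[A-Z_]+):(?P<name>[\w-]+)")

# Constructed sample hits (placeholder host, IP and cookie name).
SAMPLE_HITS = [
    '2021-05-09 20:40:17 shop.example 203.0.113.7 CRITICAL 403 941120: XSS Filter - '
    'Category 2: Event Handler Vector Request: GET /product.html Justification: '
    'Pattern match "..." at REQUEST_COOKIES:PrestaShop-0123abcd.',
    '2021-05-09 20:40:17 shop.example 203.0.113.7 CRITICAL 403 949110: Inbound '
    'Anomaly Score Exceeded (Total Score: 5)',
]


def matched_targets(lines):
    """Count (rule id, collection, variable name) for hits that name a target."""
    hits = Counter()
    for line in lines:
        m = HIT.search(line)
        if m:  # score-summary lines (949110, 980130) carry no target
            hits[(m["rule"], m["coll"], m["name"])] += 1
    return hits


def rule_941120_matches(value):
    """True if the rule's pattern fires on this value."""
    return RULE_941120.search(value) is not None


def candidate_exclusion(rule, coll, name):
    """ModSecurity directive removing one target from one rule, for review."""
    return f'SecRuleUpdateTargetById {rule} "!{coll}:{name}"'


if __name__ == "__main__":
    # Constructed opaque cookie values containing no markup at all.
    for value in ("Zm9v7onQWERTYxyz==", "Zm9vYmFyQmF6"):
        print(value, "->", rule_941120_matches(value))
    for (rule, coll, name), n in matched_targets(SAMPLE_HITS).items():
        print(n, "hit(s):", candidate_exclusion(rule, coll, name))
```

The first constructed value matches because a digit, the letters `on`, a run of letters and a trailing `=` are all the pattern needs, which is why a target-level exclusion for the one cookie is narrower than disabling the rule.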