modsecurity rule 1234123436
Hi,
We frequently get rule 1234123436 reported, We can disable it of course but wondered if anyone can tell us if the message below is a attempt at reading the config file to hack or part of the normal cart process:
[QUOTE]/cart.php?a=byroe&templatefile=../../../configuration.php%00 HTTP/1.1
[QUOTE]Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:templatefile outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"> [line "52"> [id "1234123436"> [msg "Invalid character in request"> [severity "WARNING">
[QUOTE]Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:templatefile outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"> [line "52"> [id "1234123436"> [msg "Invalid character in request"> [severity "WARNING">
-
That is a malicious request. 0 -
[quote="quizknows, post: 1504122">That is a malicious request.
Thanks for the info quizknows !0 -
Hello :) Yes, you will typically see those requests from bots that attempt search the Internet for websites that are open to exploits. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments