ModSecurity blocks google analytics script tag
My application allows the user to use his own Google Analytics script tag, which is stored in the application SQL database and used at the footer of the application/site.
Unfortunately, I discovered that the user couldn't save the page and received a 403 HTTP error. Apparently, ModSecurity detects the script tag in the submitted textarea as a cross-site scripting attack.
The log says:
ModSecurity: Access denied with code 403 (phase 2). Pattern match
"(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|
chrome)|< ?/?i?frame|\\\\%env)" at ARGS:SSL_SITE_SEAL. [file
"/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line
"990"] [id "340147"] [rev "133"] [msg "Atomicorp.com WAF Rules:
Potential Cross Site Scripting Attack"] [data "
Not yet, I'm still with the old default rules. Looks like ConfigServer's tool is the way to go, nice to stop specific rules from running per URL. Thank you!
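The per-URL exclusion mentioned in the reply above, written directly as ModSecurity directives; this is an added example, not part of the original thread and not output from ConfigServer's tool. Rule id 340147 and the argument SSL_SITE_SEAL come from the log; the URL path is hypothetical, and ModSecurity 2.6 or later is assumed.

```apache
# Added example, not from the thread.
# Rule id 340147 and ARGS:SSL_SITE_SEAL are taken from the log above.
# The path /admin/settings.php is a hypothetical placeholder for the form
# that saves the footer script.
# Load this after 10_asl_rules.conf so the rule it modifies already exists.

# Too broad: switches the XSS rule off for every argument on every URL.
# SecRuleRemoveById 340147

# Narrower: rule 340147 stays active everywhere, and on this one URL it
# skips only the field that is expected to carry a <script> tag.
<LocationMatch "^/admin/settings\.php$">
    SecRuleUpdateTargetById 340147 "!ARGS:SSL_SITE_SEAL"
</LocationMatch>
```

Because the field's content is written into the site footer, keep the exclusion limited to the one form that legitimately submits it, so the rule still inspects that argument name on every other URL.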