fuzzylogic
Activity overview
Latest activity by fuzzylogic
fuzzylogic created a post,
Drupal core - Remote Code Execution - SA-CORE-2018-002 modsec rules
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 With the discovery of this Drupal vulnerability many cPanel accounts and/or servers will soon be at high risk of successful ...
-
fuzzylogic commented,
You're welcome. If you want to view more examples of WordPress specific exclusion rules, the CRS version 3.0.2 on GitHub has a .conf file for WordPress exclusions. It is an external link so I won't...
-
fuzzylogic commented,
I have never had to exclude rule 921160 to be able to save a WordPress post. Are you sure the request is from a trusted IP (e.g. yours) and not a vulnerability scanner? If you have confirmed it is ...
-
fuzzylogic commented,
That request is hitting another rule, an XSS rule beginning with 941xxx. The rule it is hitting is not within the screenshot you posted. That rule is adding 5 points to the Inbound Anomaly Score, ...
-
fuzzylogic commented,
Using the [OR] operator on the code I submitted could prevent legitimate "Add to Cart" and "Add to Wishlist" functionality in the eShop in question if it uses... GET /category/whatever/?add_to_wish...
-
fuzzylogic commented,
This htaccess redirect should deny (status 403) any GET request with BOTH add_to_wishlist AND add-to-cart QUERY_STRING ARGS. RewriteEngine On RewriteCond %{QUERY_STRING} (?:^|&)add_to_wishlist= [N...
-
fuzzylogic commented,
Firstly, do not disable rule 949110. It blocks requests in response to a high score tally from attack rules. (You might as well disable ModSecurity entirely.) Secondly, do not disable rule 980130. It...
-
fuzzylogic commented,
A Google search for imh-modsec explains where these rules come from. They are a proprietary set of rules added by a particular web hosting company. One rule mentioned in the search results appears ...
-
fuzzylogic commented,
I would give a high probability that the problem would be due to an unfamiliarity with command-line text editing tools. When I first used vi I had many wtf moments, especially when trying to save (or...
-
fuzzylogic commented,
And once you get mod_headers working in your htaccess files... Your Header set Pragma "no-cache" syntax is valid.