fuzzylogic

  • Total activity 235
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 81

Activity overview

Latest activity by fuzzylogic
  • fuzzylogic created a post,

    Drupal core - Remote Code Execution - SA-CORE-2018-002 modsec rules

    Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 With the discovery of this Drupal vulnerability many cPanel accounts and/or servers will soon be at high risk of successful ...

  • fuzzylogic commented,

    You're welcome. If you want to view more examples of WordPress specific exclusion rules, the CRS version 3.0.2 on GitHub has a .conf file for WordPress exclusions. It is an external link so I won't...

  • fuzzylogic commented,

    I have never had to exclude rule 921160 to be able to save a WordPress post. Are you sure the request is from a trusted IP (e.g. yours) and not a vulnerability scanner? If you have confirmed it is ...

  • fuzzylogic commented,

    That request is hitting another rule, an XSS rule beginning with 941xxx. The rule it is hitting is not within the screenshot you posted. That rule is adding 5 points to the Inbound Anomaly Score, ...

  • fuzzylogic commented,

    Using the [OR] operator on the code I submitted could prevent legitimate "Add to Cart" and "Add to Wishlist" functionality in the eShop in question if it uses... GET /category/whatever/?add_to_wish...

  • fuzzylogic commented,

    This htaccess redirect should deny (status 403) any GET request with BOTH add_to_wishlist AND add-to-cart QUERY_STRING ARGS. RewriteEngine On RewriteCond %{QUERY_STRING} (?:^|&)add_to_wishlist= [N...

  • fuzzylogic commented,

    Firstly, do not disable rule 949110. It blocks requests in response to a high score tally from attack rules. (You might as well disable ModSecurity entirely.) Secondly, do not disable rule 980130. It...

  • fuzzylogic commented,

    A Google search for imh-modsec explains where these rules come from. They are a proprietary set of rules added by a particular web hosting company. One rule mentioned in the search results appears ...

  • fuzzylogic commented,

    I would give a high probability that the problem would be due to an unfamiliarity with command-line text editing tools. When I first used vi I had many wtf moments, especially when trying to save (or...

  • fuzzylogic commented,

    And once you get mod_headers working in your htaccess files... Your Header set Pragma "no-cache" syntax is valid.