fuzzylogic

1. Community
2. Security
3. ModSecurity Rule Triggered by autodiscover

Just to be clear I don't use Autodiscover and won't troubleshoot it for you if it won't work after you get ModSecurity to allow these POST requests to pass. Here is an exclusion rule to allow these...

• View comment
• fuzzylogic
• October 18, 2018 01:27
• 1 vote

1. Community
2. Security
3. Block abusive requests to website?

Using the [OR] operator on the code I submitted could prevent legitimate "Add to Cart" and "Add to Wishlist" functionality in the eShop in question if it uses... GET /category/whatever/?add_to_wish...

• View comment
• fuzzylogic
• December 21, 2017 21:36
• 0 votes

1. Community
2. Security
3. Block abusive requests to website?

This htaccess redirect should deny (status 403) any GET request with BOTH add_to_wishlist AND add-to-cart QUERY_STRING ARGS. RewriteEngine On RewriteCond %{QUERY_STRING} (?:^|&)add_to_wishlist= [N...

• View comment
• fuzzylogic
• December 21, 2017 10:31
• 0 votes

1. Community
2. Security
3. ModSecurity Rules and Alt Languages

You're welcome. If you want to view more examples of WordPress specific exclusion rules, the CRS version 3.0.2 on GitHub has a .conf file for WordPress exclusions. It is an external link so I won't...

• View comment
• fuzzylogic
• February 28, 2018 05:46
• 0 votes

1. Community
2. Security
3. ModSecurity Rules and Alt Languages

I have never had to exclude rule 921160 to be able to save a WordPress post. Are you sure the request is from a trusted ip (eg. yours) and not a vulnerability scanner. If you have confirmed it is ...

• View comment
• fuzzylogic
• February 05, 2018 11:51
• 0 votes

1. Community
2. Security
3. ModSecurity Rules and Alt Languages

That request is hitting another rule, an XSS rule beginning with 941xxx. The rule it is hitting is not within the screenshot you posted. That rule is adding 5 points to the Inbound Anomaly Score, ...

• View comment
• fuzzylogic
• February 04, 2018 09:19
• 0 votes

1. Community
2. Security
3. ModSecurity Rules and Alt Languages

Firstly do not disable rule 949110. It blocks requests in response to a high score tally from attack rules. (You might as well disable Modsecurity entirely). Secondly do not disable rule 980130. It...

• View comment
• fuzzylogic
• December 19, 2017 10:30
• 0 votes

1. Community
2. Security
3. What are imh-modsec rules?

A goggle search for imh-modsec explains where these rules come from. They are a proprietary set of rule added by a particular web hosting company. One rule mentioned in the search results appears ...

• View comment
• fuzzylogic
• December 07, 2017 07:45
• 0 votes

1. Community
2. Security
3. Unable to change SSH port

I would give a high probability that the problem would be due to an unfamiliarity of command line text editing tools. When I first used vi I had many wtf moments, especially when trying to save (or...

• View comment
• fuzzylogic
• October 23, 2017 23:41
• 0 votes

1. Community
2. Security
3. htaccess Header Set doesn't set

And once you get mod_headers working in your htaccess files... Your Header set Pragma "no-cache" syntax is valid.

• View comment
• fuzzylogic
• October 18, 2017 11:13
• 0 votes