modsecurity conflict

Posted on 2011-05-03
Last Modified: 2012-08-14
I have come across an issue where an entry in our URL is conflicting with a rule in ModSecurity. I don't want to remove the rule, but I want to fix it so that when a user calls the URL they don't get an "access denied" error.

The ModSecurity rule causing the problem is (the specific item is in bold):
                "phase:2,rev:'2.0.5',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,pass,nolog,auditlog,msg:'System Command Injection',id:'958821',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',seve$

and the URL that is activating the rule is:

Any idea on how to resolve this?
Question by:pand0ra_usa

    Accepted Solution

    Never mind, found the answer. I just inserted a space after cd.

    REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bcd \b\W*?[\\/]" \

    Author Closing Comment

    Found the answer myself
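
A regression check for the pattern edit in the accepted solution, as an added example that is not part of the original thread. It assumes the unedited pattern is the posted one with the inserted space removed, approximates the rule's transformations in Python, and uses constructed sample inputs, since the triggering URL is not shown in the question.

```python
import html
import itertools
import re

# Pattern before the edit: the posted pattern with the inserted space removed (assumption).
ORIGINAL = re.compile(r"\bcd\b\W*?[\\/]", re.ASCII)
# Pattern exactly as posted in the accepted solution.
EDITED = re.compile(r"\bcd \b\W*?[\\/]", re.ASCII)

def normalize(value):
    """Approximate t:htmlEntityDecode, t:compressWhitespace, t:lowercase."""
    return re.sub(r"\s+", " ", html.unescape(value)).lower()

# Constructed samples: (input, whether a command-injection rule should flag it).
SAMPLES = [
    ("/docs/cd/index.html", False),   # benign path segment named "cd"
    ("/shop/CD/list", False),         # same, upper case
    ("/products/abcd/", False),       # "cd" inside a longer word
    ("id=1; cd /tmp", True),          # shell-style directory change
    ("cmd=cd\t\\windows", True),      # tab and backslash variant
]

def evaluate(pattern):
    """Return (false_positives, missed) for a pattern over SAMPLES."""
    false_pos, missed = [], []
    for raw, malicious in SAMPLES:
        hit = pattern.search(normalize(raw)) is not None
        if hit and not malicious:
            false_pos.append(raw)
        elif malicious and not hit:
            missed.append(raw)
    return false_pos, missed

def edited_can_match(max_len=4, alphabet="a1_ ./\\;"):
    """Brute-force every short continuation after 'cd ' for the edited pattern."""
    for n in range(max_len + 1):
        for tail in itertools.product(alphabet, repeat=n):
            if EDITED.search("cd " + "".join(tail)):
                return True
    return False

if __name__ == "__main__":
    print("original:", evaluate(ORIGINAL))
    print("edited:  ", evaluate(EDITED))
    print("edited pattern can match anything:", edited_can_match())
```

The edited pattern clears the false positives because it can no longer match at all: `\b` after a space requires a word character next, while `[\\/]` requires a slash or backslash at the same position. That silences the `cd` check everywhere, whereas a scoped exclusion such as `SecRuleRemoveById 958821` limited to the affected location keeps it active elsewhere.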
