  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 304

modsecurity conflict

I have come across an issue where an entry in our URL is conflicting with a rule in modsecurity. I don't want to remove the rule, but I want to fix it so that when a user calls the URL they don't get an "access denied" error.

The modsecurity rule causing the problem is (the specific item is in bold):
SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bcd\b\W*?[\\/]" \
                "phase:2,rev:'2.0.5',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,pass,nolog,auditlog,msg:'System Command Injection',id:'958821',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',seve$


and the url that is activating the rule is:
http://mydomain.com/path/path/track/CD/performance

Any idea on how to resolve this?
Asked: pand0ra_usa

1 Solution

pand0ra_usa (Author) Commented:
Never mind, found the answer. I just inserted a space after cd.

REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bcd \b\W*?[\\/]" \

pand0ra_usa (Author) Commented:
Found the answer myself
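
Added example, not part of the original thread: a small regression harness that runs both patterns from the page (the stock rule 958821 regex and the edited one with a space after `cd`) over the URL path from the question and a few constructed values, so the effect of a rule edit on both false positives and detections can be checked before deploying it. It assumes Python's `re` as a stand-in for the PCRE engine, and `transform()` only approximates the rule's `t:htmlEntityDecode`, `t:compressWhitespace` and `t:lowercase` actions; all sample strings other than the URL path are constructed.

```python
import html
import re

# Patterns copied from the page: the stock rule 958821 and the edited version.
ORIGINAL = re.compile(r"\bcd\b\W*?[\\/]")
EDITED = re.compile(r"\bcd \b\W*?[\\/]")


def transform(value: str) -> str:
    """Approximate t:htmlEntityDecode, t:compressWhitespace, t:lowercase."""
    value = html.unescape(value)
    value = re.sub(r"\s+", " ", value)
    return value.lower()


def fires(pattern: re.Pattern, value: str) -> bool:
    """True if the pattern matches the transformed value, as the rule would."""
    return pattern.search(transform(value)) is not None


# (value, should the rule flag it?) -- constructed test corpus
SAMPLES = [
    ("/path/path/track/CD/performance", False),  # REQUEST_FILENAME of the URL on the page
    ("x; cd /tmp", True),        # constructed argument value the rule is meant to catch
    ("x;cd/tmp", True),          # constructed, no whitespace
    ("cd  \\windows", True),     # constructed, backslash separator
    ("/shop/cds/list", False),   # constructed, "cd" inside a longer word
]


def evaluate(pattern: re.Pattern):
    """Return (false_positives, false_negatives) over SAMPLES."""
    fp = [v for v, bad in SAMPLES if not bad and fires(pattern, v)]
    fn = [v for v, bad in SAMPLES if bad and not fires(pattern, v)]
    return fp, fn


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("edited", EDITED)):
        fp, fn = evaluate(pat)
        print(f"{name}: false positives={fp} false negatives={fn}")
```

The edited pattern clears the false positive on the `/CD/` path segment, but it also stops matching every constructed sample the stock rule flags: after `cd ` the `\b` requires a word character next, while `[\\/]` requires a slash or backslash, so the two conditions cannot both hold.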