dkim18
asked on
Mod security block due to insecure in the HTML body
Hi Experts,
There is a web app in our institute that anyone from outside world can access and it was running fine until today. The site is down currently and displays 404 error, According to Linux admin, it is because Mod security is blocking due to insecure in the HTML body that it returns to the user. So, it is down there is something in that was detected as insecure so it is being blocked with a 404 returned to the user.
The security functions get updated to check for newly found exploits and vulnerabilities and maybe it is possible that a vulnerability existed before that was not covered by mod security up until now.
My question is how do I figure out which part of html body is insecure?
thanks,
There is a web app in our institute that anyone from outside world can access and it was running fine until today. The site is down currently and displays 404 error, According to Linux admin, it is because Mod security is blocking due to insecure in the HTML body that it returns to the user. So, it is down there is something in that was detected as insecure so it is being blocked with a 404 returned to the user.
The security functions get updated to check for newly found exploits and vulnerabilities and maybe it is possible that a vulnerability existed before that was not covered by mod security up until now.
My question is how do I figure out which part of html body is insecure?
thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This just means that the server is not handling 404 errors correctly.
There are probably some rewrite rules in place to direct a 404 error to CGI (or server-side ) script to give a "pretty" page not found report.
This a secondary issue and not related to your original problem - in that you cannot access a specific page on your website - which your Linux admin is telling you is the result of something within the HTML of your page.
Can you access all the other pages of your website?
If so then, as I suggested earlier, you need to find the problem in the specific page you cannot access.
If you cannot access your website at all, then that is a different problem, and probably not linked to mod_security at all.
There are probably some rewrite rules in place to direct a 404 error to CGI (or server-side ) script to give a "pretty" page not found report.
This a secondary issue and not related to your original problem - in that you cannot access a specific page on your website - which your Linux admin is telling you is the result of something within the HTML of your page.
Can you access all the other pages of your website?
If so then, as I suggested earlier, you need to find the problem in the specific page you cannot access.
If you cannot access your website at all, then that is a different problem, and probably not linked to mod_security at all.
ASKER
I get a little more than just 404 error:
The requested URL /xxx/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.