Problem with mod_security

Discussion in 'General' started by urs, Nov 18, 2011.

  1. urs

    urs New Member

    Hello

    One of our server has a joomla installation with a virtuemart onlineshop.

    Now we have the problem, that if we upload a picture to our store there is a 403.

    In the server log:

    000.000.000.000:59005-0#aqula.ch] mod_security rule triggered!
    [Fri Nov 18 15:00:17 2011] [error] [client 212.35.29.175] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
    [Msg: XSS attack]

    How can we fix that?

    regards

    Urs
  2. NiteWave

    NiteWave Administrator

    for quick solution, just disable this rule:
    admin console --> Server --> Request Filter -->XSS attack

    does this happen on firefox only ?
  3. urs

    urs New Member

    no, also in chrome, safari, ...
  4. NiteWave

    NiteWave Administrator

    or you can manually upgrade to lsws 4.1.18, see if the issue still exists.
  5. urs

    urs New Member

    deactivation of both filters solved it for the moment! Thanks!

Share This Page