Problem with mod_security

Discussion in 'General' started by urs, Nov 18, 2011.

  1. urs

    urs Well-Known Member


    One of our server has a joomla installation with a virtuemart onlineshop.

    Now we have the problem, that if we upload a picture to our store there is a 403.

    In the server log:] mod_security rule triggered!
    [Fri Nov 18 15:00:17 2011] [error] [client] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
    [Msg: XSS attack]

    How can we fix that?


  2. NiteWave

    NiteWave Administrator

    for quick solution, just disable this rule:
    admin console --> Server --> Request Filter -->XSS attack

    does this happen on firefox only ?
  3. urs

    urs Well-Known Member

    no, also in chrome, safari, ...
  4. NiteWave

    NiteWave Administrator

    or you can manually upgrade to lsws 4.1.18, see if the issue still exists.
  5. urs

    urs Well-Known Member

    deactivation of both filters solved it for the moment! Thanks!

Share This Page