Problem with mod_security

Discussion in 'General' started by urs, Nov 18, 2011.

  1. urs

    urs Well-Known Member

    Hello

    One of our server has a joomla installation with a virtuemart onlineshop.

    Now we have the problem, that if we upload a picture to our store there is a 403.

    In the server log:

    000.000.000.000:59005-0#aqula.ch] mod_security rule triggered!
    [Fri Nov 18 15:00:17 2011] [error] [client 212.35.29.175] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
    [Msg: XSS attack]

    How can we fix that?

    regards

    Urs
     
  2. NiteWave

    NiteWave Administrator

    for quick solution, just disable this rule:
    admin console --> Server --> Request Filter -->XSS attack

    does this happen on firefox only ?
     
  3. urs

    urs Well-Known Member

    no, also in chrome, safari, ...
     
  4. NiteWave

    NiteWave Administrator

    or you can manually upgrade to lsws 4.1.18, see if the issue still exists.
     
  5. urs

    urs Well-Known Member

    deactivation of both filters solved it for the moment! Thanks!
     

Share This Page