[Solved] 403 Error with 4.1.5

Discussion in 'Bug Reports' started by bkonia, Oct 13, 2011.

  1. sysmesh

    sysmesh Member

    Thanks. Realizing it may sounds like a silly question but any hints to the location of the rules config file on the server?
  2. NiteWave

    NiteWave Administrator

    the rule can be found through
    lsws admin console->Configuration->Server->
    Request Filter->XSS attack->just disable it

    restart lsws. see if the issue gone.
  3. sysmesh

    sysmesh Member

    That did the trick! Thank you so much.
  4. clarocque

    clarocque Member


    OK after reading this thread I was able to stop the 403 error...

    But how come I have to remove these rules in any version after 4.1.1?

    SecFilterSelective ARGS "(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)"

    SecFilterSelective ARGS "<(applet|div|embed|iframe|img|meta|object|script|textarea)"

    When the same exact script & data is OK in 4.1.1?
  5. webizen

    webizen Well-Known Member

    the rulesets may not work well with 4.1.1 and prior as modsec support is improving.

Share This Page