1

I am gettign this error code on submititng the form.

That form have rich text editors and I am assuming that is the problem.

So from erorr log I found out this message: 

[Sat Sep 13 18:45:11 2014] [error] [client xx.xx.xx.xx] ModSecurity:  [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "1023"] [id "350147"] [rev "147"] [msg "Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected"] [data "10862"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "REQUEST_URI" required. [hostname "example.com"] [uri "/add-product/"] [unique_id "VBTzJkJVoVIAAGGuSEgAAAAT"]

So what is this error and can anyone tell me how to fix this?

After this error being displayd every access to the server is blocked from 10 to 15 minutes?

The client have full access to server so that is not the problem.

It is standard LAMP environment.

Thanks!

consigliere
  • 957
  • 2
  • 12
  • 21
  • What does the rule with the id "350147" in the file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "1023"] look like? – Ronald Sep 15 '14 at 08:34
  • I dont know because I dont have root server and it turns out that client does not have. Any other options for solving? – consigliere Sep 15 '14 at 09:36
  • To solve this problem in my opition you will 1) either need to modify the request (which is probably not possible) or 2) modify the rule or 3) disable the rule for this request. To do 2 or 3 you will need someone with access to the server anyway. – Ronald Sep 15 '14 at 12:16
  • Ok thanks man, then I will write to user support. – consigliere Sep 15 '14 at 13:14

0 Answers0