
I run a small webhosting service (cPanel + ModSecurity) and I personally host a few Laravel projects on it. I noticed that when I (or anyone) visit multiple pages quickly (one after the other), at some point I get a Too Many Redirects error after the 6th or 7th visit (redirected to /).

After some research, I noticed that it's due to a ModSecurity match on a cookie, and when it matches, the matched session is locked in this redirection loop until cookies are manually cleared (for that domain). Here is an extract of the ModSecurity logs showing the match and the response (Pastebin).

I don't get why it's matching "sometimes" (always when logged-in as a user), and how to prevent it. If you guys have an idea...

Thank you for your help

Max13

1 Answer


This is a known false alert for this rule: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/244

You can fix this by adding the following to your config after the config that loads that rule (/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf):

 SecRuleUpdateTargetById 973337 !REQUEST_COOKIES:oph_session

Note also that in the latest version of the CRS, this rule has changed to 941120. You appear to be using an old pre-release version of the 3.0.0 CRS.

Barry Pollard
  • Thank you for your reply. These rules seem to be bundled with ModSecurity shipped with cPanel. I will redirect the support here, and check if I can update them – Max13 Dec 12 '16 at 22:53
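An added example, not part of the question or the answer above, that automates the step the answer describes: read the ModSecurity error log, find which rule ID matched which request variable, and print the matching SecRuleUpdateTargetById exclusions. The log lines below are constructed to mimic the ModSecurity 2.x error-log format; the rule/variable pairs in them (a second rule hitting ARGS:search, a hostname, a client address) are illustrative and are not taken from the asker's Pastebin. The two rule IDs reused from the thread (973337 and 941120) are the only identifiers that come from the page.

```python
import re
from collections import defaultdict

# Constructed sample of ModSecurity 2.x error-log lines (not the asker's log).
# Two hits from the old XSS rule on the Laravel session cookie, one hit from a
# different rule on a query argument, and the anomaly-scoring line that causes
# the redirect. The redirect line must NOT turn into an exclusion.
SAMPLE_LOG = r'''
[Mon Dec 12 22:10:01.000000 2016] [:error] [pid 4321] [client 203.0.113.7] ModSecurity: Warning. Pattern match "(?i)(<script[^>]*>)" at REQUEST_COOKIES:oph_session. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf"] [line "90"] [id "973337"] [msg "IE XSS Filters - Attack Detected."] [severity "CRITICAL"] [hostname "example.test"] [uri "/dashboard"]
[Mon Dec 12 22:10:02.000000 2016] [:error] [pid 4321] [client 203.0.113.7] ModSecurity: Warning. Pattern match "(?i)(<script[^>]*>)" at REQUEST_COOKIES:oph_session. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf"] [line "90"] [id "973337"] [msg "IE XSS Filters - Attack Detected."] [severity "CRITICAL"] [hostname "example.test"] [uri "/profile"]
[Mon Dec 12 22:10:03.000000 2016] [:error] [pid 4322] [client 203.0.113.7] ModSecurity: Warning. Pattern match "(?i)(javascript:)" at ARGS:search. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf"] [line "140"] [id "941120"] [msg "XSS Filter - Category 2"] [severity "CRITICAL"] [hostname "example.test"] [uri "/search"]
[Mon Dec 12 22:10:03.000000 2016] [:error] [pid 4322] [client 203.0.113.7] ModSecurity: Access denied with redirection to / using status 302 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-49-BLOCKING-EVALUATION.conf"] [line "38"] [id "949110"] [msg "Inbound Anomaly Score Exceeded"] [hostname "example.test"] [uri "/search"]
'''

RE_ID = re.compile(r'\[id "(\d+)"\]')
# "... at REQUEST_COOKIES:oph_session. [file" -> collection plus optional member
RE_TARGET = re.compile(r' at (?P<var>[A-Z_]+(?::[^\s]+?)?)\. \[')


def parse_hits(log_text):
    """Return [(rule_id, matched_variable), ...] for every line naming both."""
    hits = []
    for line in log_text.splitlines():
        m_id = RE_ID.search(line)
        m_var = RE_TARGET.search(line)
        if m_id and m_var:
            hits.append((m_id.group(1), m_var.group("var")))
    return hits


def build_exclusions(hits, only_rule_ids=None):
    """Turn (rule_id, variable) hits into SecRuleUpdateTargetById lines.

    Only request input variables (REQUEST_COOKIES:name, ARGS:name, ...) are
    excluded. Internal TX: variables such as TX:anomaly_score belong to the
    blocking rule, and excluding them would disable blocking, not fix the
    false positive, so they are skipped. Pass a set of rule IDs to restrict
    output to the rules you have actually reviewed.
    """
    by_rule = defaultdict(set)
    for rule_id, var in hits:
        if var.startswith("TX:"):
            continue
        if only_rule_ids is not None and rule_id not in only_rule_ids:
            continue
        by_rule[rule_id].add(var)
    lines = []
    for rule_id in sorted(by_rule):
        for var in sorted(by_rule[rule_id]):
            # One directive per target keeps each exclusion easy to audit.
            lines.append(f"SecRuleUpdateTargetById {rule_id} !{var}")
    return lines


if __name__ == "__main__":
    for directive in build_exclusions(parse_hits(SAMPLE_LOG)):
        print(directive)
```

Put the generated lines in a file loaded after the CRS rule files, as the answer says, and note that the cookie exclusion applies to every site on the server unless it sits inside the relevant virtual host. Because the CRS renumbered the rule between the pre-release and 3.0.0 (973337 became 941120), regenerate the exclusions from fresh log lines after updating the ruleset rather than carrying the old IDs forward.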