I have a vps with centos 7, apache with mod_security and mod_evasive. I have a form in php with basic authentication. When I try to authenticate through the application (before activating mod security worked) appears in the logs that entered the rule id: 921130 of the REQUEST-921-PROTOCOL-ATTACK.conf file. Where can I change to solve this problem?
Asked
Active
Viewed 234 times
1 Answers
0
What any other information in your log? Eg. you can see which header matches with this rule, and which value. For eg. (this is a totally another rule, but you have to see something like this, with '[id 921130]' at the end of the line)
Warning. Pattern match "(?:application(?:/soap\\+|/)|text/)xml" at REQUEST_HEADERS:Content-Type. [file "/etc/apache2/modsecurity.conf"] [line "24"] [id "200000"]
If yes, there are any more infos, then you can see which argument (cookie or post/get argument) is "wrong".
airween
- 195
- 1
- 1
- 8