Hi everyone.
CyberPanel ERROR LOGS
Error logs for main web server. Issue, kindly resolve?
[Module:mod_security] ModSecurity: Warning. Matched "Operator `Within' with parameter `GET HEAD POST OPTIONS' against variable `REQUEST_METHOD' (Value: `PURGE' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "PURGE"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "thenews.qm.com.pk"] [uri "/this-amazing-girl-is-on-top-of-the-emerging-fashion-empire/.*"] [unique_id "1665517627"] [ref "v0,5"]
Hi everyone.
CyberPanel ERROR LOGS
Error logs for main web server. Issue, kindly resolve?
2022-10-11 21:47:07.870472 [INFO] [90615] [127.0.0.1:45882#Thenews.qm.com.pk] [Module:mod_security]Intervention status code triggered: 403
2022-10-11 21:47:07.870485 [INFO] [90615] [127.0.0.1:45882#Thenews.qm.com.pk] [Module:mod_security]Log Message: [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "thenews.qm.com.pk"] [uri "/this-amazing-girl-is-on-top-of-the-emerging-fashion-empire/.*"] [unique_id "1665517627"] [ref ""]
Dear Sir
Server log error showing
[Module:mod_security]Intervention status code triggered: 403
[Module:mod_security]Log Message: [client 127.0.0.1] ModSecurity: Access denied with code 403
and
[Module:mod_security] ModSecurity: Warning. Matched "Operator `Within' with parameter `GET HEAD POST OPTIONS' against variable `REQUEST_METHOD' (Value: `PURGE' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-911-METHOD-
???/
It is advisable to post all the errors as they appear in your error log for this particular issue. Also use preformatted text (CTRL+E) to format the errors for easier readability.
As seen in the second part of your posted logs you might need to disable the ModSecurity CRS Rule Group 911 Method Enforcement rule =>
[file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-911-METHOD-
???/
here - https://yourServerIP:8090/firewall/modSecRules by adding the line SecRuleRemoveById 911100
Also read modSecurity documentation
[https://yourServerIP:8090/firewall/modSecRules]
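Before removing a rule by id, it helps to confirm which rule actually fed the anomaly score of the blocked request. The following is an added example, not part of the original thread or of CyberPanel: it parses ModSecurity entries like the two posted above and lists, per blocked request, the rules that matched. The function names are hypothetical, the sample log is constructed from the thread's entries (shortened to the fields used), and it assumes each entry sits on one line and that `unique_id` identifies a single request.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from this thread, one per line,
# shortened to the fields the parser uses.
SAMPLE_LOG = """\
[Module:mod_security] ModSecurity: Warning. Matched "Operator `Within' with parameter `GET HEAD POST OPTIONS' against variable `REQUEST_METHOD' (Value: `PURGE' ) [file "REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [msg "Method is not allowed by policy"] [data "PURGE"] [severity "2"] [unique_id "1665517627"]
[Module:mod_security]Log Message: [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [unique_id "1665517627"]
"""

FIELD_RE = re.compile(r'\[(\w+) "([^"]*)"\]')   # [key "value"] pairs
TARGET_RE = re.compile(r"against variable `([^']+)' \(Value: `([^']*)'")

def parse_entry(line):
    """Return one ModSecurity entry as a dict, or None if the line is not one."""
    if "ModSecurity:" not in line:
        return None
    entry = {"blocked": "Access denied" in line, "tags": []}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            entry["tags"].append(value)
        else:
            entry[key] = value
    m = TARGET_RE.search(line)
    if m:
        entry["variable"], entry["value"] = m.groups()
    return entry

def rules_behind_blocks(lines):
    """Map each blocked unique_id to the rules that matched in that request,
    leaving out the blocking-evaluation entry itself."""
    by_txn = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry and "unique_id" in entry:
            by_txn[entry["unique_id"]].append(entry)
    report = {}
    for txn, entries in by_txn.items():
        if any(e["blocked"] for e in entries):
            report[txn] = [
                (e.get("id"), e.get("variable"), e.get("value"), e.get("msg"))
                for e in entries if not e["blocked"]
            ]
    return report

if __name__ == "__main__":
    for txn, rules in rules_behind_blocks(SAMPLE_LOG.splitlines()).items():
        print(txn, rules)
```

On the thread's entries this reports rule 911100 matching `REQUEST_METHOD` with value `PURGE` as the only contributor to the 403 raised by 949110.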
after showing
SecRule ARGS "../" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny",