Cannot save system settings with ModSecurity enabled? #6744
Labels
Comments
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
This issue was closed because it has been stalled for 15 days with no activity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Clicking the "Save Settings" button on the admin System Settings page returns a page that displays
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
...
We are using Dreamhost shared hosting, and have their Web Application Firewall (mod_security) enabled for the site. When I disable that, I am able to save system settings just fine.
When I checked the server's error log, there were four ModSecurity warnings for the request. Here are the warning messages as well as the particular rules involved with each (Dreamhost is currently using OWASP ModSecurity Core Rule Set ver.3.3.2):
Two "Path Traversal Attack (/../)",
https://github.com/coreruleset/coreruleset/blob/v3.3.2/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
"Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address", and
https://github.com/coreruleset/coreruleset/blob/v3.3.2/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
"Inbound Anomaly Score Exceeded (Total Score: 15)".
https://github.com/coreruleset/coreruleset/blob/v3.3.2/rules/REQUEST-949-BLOCKING-EVALUATION.conf
These warnings sound concerning... could there be something in the ChurchCRM code that can be refactored so as not to trigger them, or are we just dealing with false positives here? Would it help for you to have the actual error logs for the request?
@DawoudIO
The text was updated successfully, but these errors were encountered: