Owasp-modsecurity-crs: PHPbb Forum 3.2.2 ACP control panel access blocked. False Posistive

Created on 23 Jul 2018  Â·  29Comments  Â·  Source: SpiderLabs/owasp-modsecurity-crs

The current version, 3.2.2, of the popular PHPbb forum software has a control panel that is blocked by owasp falsely.

False Positive Stale issue

All 29 comments

Thank you for reporting @Xymox1. That sounds like a false positive, possibly several ones.

Can you share your error-log with us, so we can look into it? For other standard software, there are rule exclusion packages. It would be worthwhile to create such a package for PHPbb, but it takes somebody to do it. We could guide you, if you are interested to contribute in such a way.

Im not skilled enough of a coder for that. Im fairly entry level.
However, I have posted on the PHPbb forum and maybe i can pass this on
and someone there might be more skilled then I

Interestingly, the forum post I did has no responses so far. Considering
the huge number of people using PHPbb and the number of people on the
forum thats pretty surprizing. Normally people respond to posts in
minutes and you get 20 people in a hour. So this lack of any responses
is interesting.

https://www.phpbb.com/community/viewtopic.php?f=556&t=2480006

You would think that people would be using OWASP with the most popular
Forum software !?! Forums are a huge risk security wise and stuffed full
of things that could break.

I will go look at logs. Its hard to take on a whole security ruleset
like OWASP and ModSecurity and come up with a module with little
experence with any of these tools. I am a coder, but, thats a lot to
take on. Im sure there are far better people then myself to do this.
SOmeone on that PHPbb forum might be able to do this.

I will play with this more..

On 7/23/2018 10:05 PM, Christian Folini wrote:
>

Thank you for reporting @Xymox1 https://github.com/Xymox1. That
sounds like a false positive, possibly several ones.

Can you share your error-log with us, so we can look into it? For
other standard software, there are rule exclusion packages. It would
be worthwhile to create such a package for PHPbb, but it takes
somebody to do it. We could guide you, if you are interested to
contribute in such a way.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-407282361,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX7-GZ3qJCR2MBnmV4Jxmj14-82eiks5uJqsQgaJpZM4Vbt8a.

Well the forum post on phpBB has lit up and filled with idiots.. I will
stand on top of this and see what i can do to get a ruleset for phpBB..

I will look at logs wens and see whats going on. I will also look at
your documentation to see if I can do this. Are there any quick cheat
guides on doing exclusion rules that might help me ? I am a coder and
could, most likely, deal with this. BUT. I cant maintain a set of rules
over time. Im looking for help over at the phpBB boards tho.

https://www.phpbb.com/community/viewtopic.php?f=6&t=2480006

On 7/23/2018 10:24 PM, Chris wrote:

Im not skilled enough of a coder for that. Im fairly entry level.
However, I have posted on the PHPbb forum and maybe i can pass this on
and someone there might be more skilled then I

Interestingly, the forum post I did has no responses so far.
Considering the huge number of people using PHPbb and the number of
people on the forum thats pretty surprizing. Normally people respond
to posts in minutes and you get 20 people in a hour. So this lack of
any responses is interesting.

https://www.phpbb.com/community/viewtopic.php?f=556&t=2480006

You would think that people would be using OWASP with the most popular
Forum software !?! Forums are a huge risk security wise and stuffed
full of things that could break.

I will go look at logs. Its hard to take on a whole security ruleset
like OWASP and ModSecurity and come up with a module with little
experence with any of these tools. I am a coder, but, thats a lot to
take on. Im sure there are far better people then myself to do this.
SOmeone on that PHPbb forum might be able to do this.

I will play with this more..

On 7/23/2018 10:05 PM, Christian Folini wrote:
>

Thank you for reporting @Xymox1 https://github.com/Xymox1. That
sounds like a false positive, possibly several ones.

Can you share your error-log with us, so we can look into it? For
other standard software, there are rule exclusion packages. It would
be worthwhile to create such a package for PHPbb, but it takes
somebody to do it. We could guide you, if you are interested to
contribute in such a way.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-407282361,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX7-GZ3qJCR2MBnmV4Jxmj14-82eiks5uJqsQgaJpZM4Vbt8a.

Wow. I feel for you. You went into this phpBB forum discussion without fear. I'm impressed. Sorry to see you ate so much shit from ignorants.

The best introduction to writing rule exclusions is probably my tutorial on tuning CRS at https://www.netnea.com/cms/apache-tutorial-8_handling-false-positives-modsecurity-core-rule-set/

However, you already stated that you are new to this. So if you can provide me with your Apache Error-Log, I can do you a basic set of rule exclusions and then you can install that and extend as you move along. That's probably the best investment of your time and brings you immediate benefits.

They just got me warmed up and focused ! hahaha... It was fun.. Im
looking forward to beating them up more.. Morons.. Keep in mind I also
stuffed thier own BS up thier butts, like im gonna do some more.. I
enjoyed the one guy who said phpBB NEVER EVER had a security issue. That
was funny.. Oh yea ?? Here have a list of CVEs some at a CVSS of 10...

phpBB is the EXACT reason to run OWASP.

I will look things over tomorrow and see whats up... I did look quickly
today just at modsecurity hits. There did not appear to be any listed.
But yea, I need to look at the logs and understand the Apache 403. It
seemed to say I was not authorized to access a file or directory.

OWASP seem to work fine with normal phpBB operations. Its when you go to
access the ACP. Thats the highest security control panel. Then 403..

I might have the skills to do this. Im savvy enough to write C and *nix
savvy. I played with Apache and even mod_security some years ago. So, I
might be able to do this. Or at least isolate the issue better.

So hang tight for a day.

Thanks for looking at this :)

On 7/24/2018 1:41 PM, Christian Folini wrote:
>

Wow. I feel for you. You went into this phpBB forum discussion without
fear. I'm impressed. Sorry to see you ate so much shit for ignorants.

The best introduction to writing rule exclusions is probably my
tutorial on tuning CRS at
https://www.netnea.com/cms/apache-tutorial-8_handling-false-positives-modsecurity-core-rule-set/

However, you already stated that you are new to this. So if you can
provide me with your Apache Error-Log, I can do you a basic set of
rule exclusions and then you can install that and extend as you move
along. That's probably the best investment of your time and brings you
immediate benefits.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-407544903,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoXxpRulZpWPWHQMZzLgF0EFm-z1ltks5uJ4Z_gaJpZM4Vbt8a.

I confirm your statements about phpBB and CRS. It's the very reason we do this.

And the point about CRS is that we do look at context, that's why cat does not trigger an alert despite being a dangerous comment in an attack context.

If you want to understand Apache and ModSec and CRS, then working through the tutorials will take you from zero to hero. Looking forward to work with you.

I PMed the top community manager at phpBB forums and he deleted all the
nasty posts and reprimanded his support people over that phpBB forum
mess. Its now a clean topic. As a whole they are anti-security because
"it causes too many support headaches for us"

https://www.phpbb.com/community/viewtopic.php?f=6&t=2480006

So I have had a little time to look at this. I will be exploring far
more and in more depth shortly..

The ruleset
"modsec_vendor_configs/OWASP/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"
is causing a 403.

"You don't have permission to access /Forum/adm/index.php on this server"

Im going to go look at the PHP code. It occurs when I try and login to
the Admin Control Panel. If im already logged in, no issue I dont think.

Is it possible they have vulnerable code ?

On 7/24/2018 9:18 PM, Chris wrote:

They just got me warmed up and focused ! hahaha... It was fun.. Im
looking forward to beating them up more.. Morons.. Keep in mind I also
stuffed thier own BS up thier butts, like im gonna do some more.. I
enjoyed the one guy who said phpBB NEVER EVER had a security issue.
That was funny.. Oh yea ?? Here have a list of CVEs some at a CVSS of
10...

phpBB is the EXACT reason to run OWASP.

I will look things over tomorrow and see whats up... I did look
quickly today just at modsecurity hits. There did not appear to be any
listed. But yea, I need to look at the logs and understand the Apache

  1. It seemed to say I was not authorized to access a file or directory.

OWASP seem to work fine with normal phpBB operations. Its when you go
to access the ACP. Thats the highest security control panel. Then 403..

I might have the skills to do this. Im savvy enough to write C and
*nix savvy. I played with Apache and even mod_security some years ago.
So, I might be able to do this. Or at least isolate the issue better.

So hang tight for a day.

Thanks for looking at this :)

On 7/24/2018 1:41 PM, Christian Folini wrote:
>

Wow. I feel for you. You went into this phpBB forum discussion
without fear. I'm impressed. Sorry to see you ate so much shit for
ignorants.

The best introduction to writing rule exclusions is probably my
tutorial on tuning CRS at
https://www.netnea.com/cms/apache-tutorial-8_handling-false-positives-modsecurity-core-rule-set/

However, you already stated that you are new to this. So if you can
provide me with your Apache Error-Log, I can do you a basic set of
rule exclusions and then you can install that and extend as you move
along. That's probably the best investment of your time and brings
you immediate benefits.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-407544903,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoXxpRulZpWPWHQMZzLgF0EFm-z1ltks5uJ4Z_gaJpZM4Vbt8a.

It is possible. But in this case, it is far more likely the programmer are exposing a behavior that our rule set considers a possible attack. E.g. phpBB instructs the browser to load a file that CRS considers a Local File Inclusion (-> LFI). I take it it's a false positive.

You should really look at the error log of the server and share it with us to understand the details and to allow me to write a few rule exclusions that get you going again.

The tutorial linked above suggests to raise the anomaly threshold to a very high value, so that you are never blocked while working. That way the rule set is active and the alerts can be used to write the exclusion list. Later, you lower the threshold again and you end up with a tailored rule set in a tight setting.

False positives on path traversals.

Add this to your configuration _before_ the CRS includes and you should be fine as far as this false positive is concerned. More are likely to pop up. But we can get them all ironed out together if you like.

# ModSec Rule Exclusion: 930100 : Path Traversal Attack (/../)
SecRule REQUEST_URI "@beginsWith /Forum/adm/index.php" "phase:2,nolog,pass,id:10000,ctl:ruleRemoveTargetById=930100;REQUEST_BODY"

# ModSec Rule Exclusion: 930110 : Path Traversal Attack (/../)
SecRule REQUEST_URI "@beginsWith /Forum/adm/index.php" "phase:2,nolog,pass,id:10001,ctl:ruleRemoveTargetById=930110;REQUEST_BODY"

Awesome :) I understand the issue now too.

Thank you. Let me go play around now and see. Yes i can see how they
will use this directory reference in other places too.

Give me a few days and I will touch base again and update progress :)

On 7/27/2018 12:48 AM, Christian Folini wrote:
>

False positives on path traversals.

Add this to your configuration /before/ the CRS includes and you
should be fine as far as this false positive is concerned. More are
likely to pop up. But we can get them all ironed out together if you like.

|# ModSec Rule Exclusion: 930100 : Path Traversal Attack (/../)
SecRule REQUEST_URI "@beginsWith /Forum/adm/index.php"
"phase:2,nolog,pass,id:10000,ctl:ruleRemoveTargetById=930100;REQUEST_BODY"

ModSec Rule Exclusion: 930110 : Path Traversal Attack (/../) SecRule

REQUEST_URI "@beginsWith /Forum/adm/index.php"
"phase:2,nolog,pass,id:10001,ctl:ruleRemoveTargetById=930110;REQUEST_BODY"
|

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408340542,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoXyM58At9vsuZyAxRDwo_JkYGmj0rks5uKsXJgaJpZM4Vbt8a.

@Xymox1 The modsec audit log you posted contained a plaintext password. I have deleted your comment from this thread, but it will remain in the inboxes of people who watch this repo. Please change your password ASAP.

Good luck @Xymox1. Looking forward to hear more from you.

Thank you.

I will touch base once ive had some time on OWASP. Im watching it
deflect things already. Its a REALLY important tool that WAY more people
should deploy. It was great to find it preinstalled and ready to go from
cpanel on my VPS provider. Web app developers really need to test with
it and have their own ruleset exceptions ready and available as needed.
The horrendous bad mindset towards web application security displayed in
the phpBB forum by support members is appalling and will one day soon
come and kick their ass. Im not done with them on the forum yet. Im
going to have some last words on that mess and their piss poor attitude
towards security. Im letting that settle and im going to test out the
forum for a bit. But. I will be back there and follow up on this.

Thanks for your help. Thanks for a awesome product that must have taken
a zillion hours to develop and maintain.

On 7/27/2018 4:45 AM, Christian Folini wrote:
>

Good luck @Xymox1 https://github.com/Xymox1. Looking forward to hear
more from you.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408395112,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX-yEAOCXdnCYEAqEsKYNnPKojRk9ks5uKv1lgaJpZM4Vbt8a.

Forums are a great use case for the CRS, since they are often attacked and sadly suffer from vulns regularly. But forums will need a few exclusions to deal with false positives. You can start minimally. Some that you will probably need:

  • new thread, new reply: title field, content field, maybe tag fields need to be excluded
  • login, signup: username, password fields
  • profile edit: custom fields

We would be very much interested in adding default support for phpBB.

If you keep track of your created exclusions, and you get phpBB working well, please send them to us. We can use these in a future version of CRS if you like. Then other phpBB administrators will be relieved from re-doing your work.

:)

Sadly im just not skilled enough to do what you need. I would love to
take it on and really help, but, my time is strained as is with work and
I travel for work a lot.

phpBB is a ideal target for CRS. The real trick would be to get the
phpBB guys to help. The blow back and moronic attitude I ran into tho
from some phpBB people on thier forum was stunning. Its all erased now,
but, I had support people for phpBB challange me to find even a single
exploit and it was "flawless".. I responded with a CVE list spanning 10
years with 2 CVSS scores of 10 and many 7's.. They seem to have ZERO
security principles and have this sorta of Apple like "Nothing can
infect me" belief.

What your doing is the future. A layer to isolate horrendously bad code
in popular applications from being exploited.

I would think its even possible to link up your installs into a system
that could spot things occuring live on a lot of servers at once and
report and maybe block activity for the platform installs everywhere.
Like advanced spam blockers.

I ran thru the forum and tried all the features and they all seem to
work. I suppose weird content of posts or odd combo of things might
cause issues. I will review the error log more closely over the weekend.
I can share it with you if you want. Installing and running phpBB is
very easy. Maybe you need a forum ? and then you could play with it
directly :)

I will report back on sunday.

On 7/27/2018 11:53 AM, Walter Hop wrote:
>

Forums are a great use case for the CRS, since they are often attacked
and sadly suffer from vulns regularly. But forums will need a few
exclusions to deal with false positives. You can start minimally. Some
that you will probably need:

  • new thread, new reply: title field, content field, maybe tag
    fields need to be excluded
  • login, signup: username, password fields
  • profile edit: custom fields

We would be very much interested in adding default support for phpBB.

If you keep track of your created exclusions, and you get phpBB
working well, please send them to us. We can use these in a future
version of CRS if you like. Then other phpBB administrators will be
relieved from re-doing your work.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408508627,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX5C3yA7cQMVGVW_9aON6XDFVXY_dks5uK2GvgaJpZM4Vbt8a.

Yes, you might want to share the logs privately. Send it or a link to [email protected] for example. That way private information like passwords is not public.

Good to hear everything seems to work right now. I assume you did not raise the anomaly threshold so far, so that's good news.

I have not changed anything yet,, but I have not reqally looked over the
logs yet :) So, there might be work to do yet, hahaha...

Yes i included username & passwords as I was concerned it might see some
of that in pattern matching.

You guys should setup your own forum. It takes like 10 mins.

Maybe you guys could approach phpBB and see if they might want to help
with this project ? I will check as I have had contact with some higher
rung people now.

On 7/27/2018 9:18 PM, Christian Folini wrote:
>

Yes, you might want to share the logs privately. Send it or a link to
[email protected] info@coreruleset.org for example. That
way private information like passwords is not public.

Good to hear everything seems to work right now. I assume you did not
raise the anomaly threshold so far, so that's good news.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408581354,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX5SJqbCwj7RrvS2Z7EF8TsvGgd3Tks5uK-YugaJpZM4Vbt8a.

I've used phpBB before, so I know it's easy. But I do not see our project needing and then using it. However what it takes for a good rule exclusion package is active use, so a quick install would not bring anything useful. It's much better to work with people like you.

If you could give us the contact, I'd try to get in touch. See email address above.

Wow, I had not looked at your address carefully. so.. This ?

[email protected]

[email protected]  ?? but this is noreply..

Im checking with the phpBB guys and seeing if someone there wants to
take this on.

On 7/27/2018 10:16 PM, Christian Folini wrote:
>

I've used phpBB before, so I know it's easy. But I do not see our
project needing and then using it. However what it takes for a good
rule exclusion package is active use, so a quick install would not
bring anything useful. It's much better to work with people like you.

If you could give us the contact, I'd try to get in touch. See email
address above.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408583656,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoX1GsMkzZGTkcUxWK5sksdTZxZwC-ks5uK_O4gaJpZM4Vbt8a.

Better use [email protected].

Welllll... At least 2 of the lower level phpBB guys dont want to do it,
they were security idiots anyway so good they did not want to.

Im still working on it..

Incredible how these phpBB guys TRULY think phpBB its GOD's gift to
programming and immune from every having any bugs.

I think with all my discussion on the forum, or maybe one of you guys,
my server got scanned for exploitablity. The error log is 2 years old
and ive never seen anything close. Could be random. Its ok if it was one
of you guys, I should run a good scan on myself. BUT. If it was a bad
guy seeing me post then checking out my server.. Well.. Thats different.

I will send the log, have a look. Interesting. Interesting IP's. Looks
like a attack to me. Never seen one before. Its VERY interesting and
ongoing. I admit, its actually pretty cool.

I have snapshots I can revert in seconds to a known good from a week
ago. I dont have anything important on the forums I would loose. Its all
just hobby and fun stuff.

I caught someones attention.

It SEEMS like im still ok. I dont think ive been rooted or back doored.
BUT. who knows for sure :)

fun stuff :) The stuff I sent you has been going on since saturday. Gaps
of hours. Never seen it before and ive got logs for 2 years.

On 7/28/2018 12:35 PM, Christian Folini wrote:
>

Better use [email protected] info@coreruleset.org.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408630330,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AbqoXzv0S7ImfMe4eXwU9whrOp9YBQ2Kks5uLLz4gaJpZM4Vbt8a.

sad story :( , you should absolutely add CRS+MAC (selinux or apparmor) as this for sure may be the source if many hacks, so where do you stand on this? have you figured how to make your insecure stuff work with CRS already?

The rules in https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1154#issuecomment-408340542 resolved the phpBB ACP access issues for me. With paranoia level 1, I haven't seen any other false positives. With paranoia level 2, there are a few more, and I decided to lower back to 1.

I can also confirm the rules posted above resolved the phpBB ACP issues I encountered with current phpBB 3.2.7.

Some more notes on that for inexperienced users:
The file you need to edit is REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf, which Debian Stretch is in /etc/modsecurity/crs/.
Paste the rules posted above at the end of the file. Make sure that /Forum/adm/index.php is the real path from your domain to your phpBB ACP. For example, if the URL is https://forum.example.com/adm/index.php for you, then you need to adjust it to /adm/index.php (without /Forum).

Also make sure that the given IDs 10000 and 10001 are unique for you. If you added other exceptions before, you may have already some rules with these IDs. You can just grep your rules-folders for the ID to find whether it is already used. This is for Debian Stretch with the modsecurity-crs package:
grep -RP '10000|10001' /etc/modsecurity/crs/ /usr/share/modsecurity-crs/rules/
If this only returns the rules you just added, you are fine. If it returns some other line with ID 10000 or 10001, better use some other IDs like 10002 and 10003.

@Xymox1 I found this thread today, because we just migrate from phpBB2.x with modsecurity 2.x to phpBB3.x with modsecurity 3.x. I can tell you you're right phpBB can be a nightmare without modsecurity, it helped us to maintain a phpBB2 instance (with many security problems) with no issue during last 9 years !!

This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days

As mentioned, it would be great if these rules could be merged. Then this issue can be closed.

This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days

Having some issues getting the 2 rule exclusions to work in phpbb ver 3.3 still locked out ACP
I've read trough the tutorial and set requests 10000 and panic 1. I'm not sure what I'm looking for in the logs?
Message: Warning. Pattern match "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:($
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:redirect. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICAT$
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:redirect. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICAT$
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-94$
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] $
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 216.118.153.122] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|($
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 216.118.153.122] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\$
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 216.118.153.122] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\$
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 216.118.153.122] ModSecurity: Access denied with code 403 (phase 2). Opera$
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 216.118.153.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound$
Action: Intercepted (phase 2)

Was this page helpful?
0 / 5 - 0 ratings