Moodle and modsecurity rules

by Alejandro Lengua -

Hello,

I was wondering if you have ever had a similar issue with Moodle and modsecurity rules:


[Wed Feb 02 14:30:32.609904 2022] [:error] [pid 3621140:tid 23402920183552] [client x.y.z.x:32380] [client x.y.z.x] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:array.array.args.args.args.value" required. [file "/etc/apache2/conf.d/modsecurity.d/10_asl_rules.conf"] [line "1105"] [id "350147"] [rev "161"] [msg "JS WAF Rules: Potentially Untrusted Web Content Detected"] [severity "CRITICAL"] [hostname "www.dominio.xxx"] [uri "/lib/ajax/service.php"] [unique_id "Yfrb2AUU0JWXHehCZRnpNgABFg4"], referer: https://www.dominio/mod/assign/view.php?id=1501&action=grader

In reply to Alejandro Lengua

Re: Moodle and modsecurity rules

by Tim Hunt -
Yes, this sort of false positive is very common. If you have to use modsecurity, then you need to prune the rule set very carefully, or it will break things.
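
One way to approach the pruning mentioned in the reply, as an added example that is not from either poster: tally ModSecurity denials by rule id, URI and matched variable, then emit the narrowest exclusion for each instead of disabling a rule site-wide. The sample log lines are constructed (modelled on the entry in the question), and it is assumed that the flagged rule inspects `ARGS` and that the exclusion is loaded after the rule file.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry in the post; the rx body is
# shortened to "(...)", the client IPs are documentation addresses, and rule id
# 999999 with its URI is invented for contrast.
SAMPLE_LOG = [
    '[Wed Feb 02 14:30:32 2022] [:error] [client 192.0.2.10] ModSecurity: Access denied '
    'with code 403 (phase 2). Match of "rx (...)" against '
    '"ARGS:array.array.args.args.args.value" required. [line "1105"] [id "350147"] '
    '[msg "JS WAF Rules: Potentially Untrusted Web Content Detected"] '
    '[uri "/lib/ajax/service.php"]',
] * 3 + [
    '[Wed Feb 02 14:31:02 2022] [:error] [client 192.0.2.11] ModSecurity: Access denied '
    'with code 403 (phase 2). Pattern match "(...)" at REQUEST_URI. [id "999999"] '
    '[msg "constructed example"] [uri "/login/index.php"]',
    '[Wed Feb 02 14:31:05 2022] [core:notice] unrelated Apache message',
]

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata pairs
TARGET = re.compile(r' against "([^"]+)" required')     # variable the rule matched on

def parse_denial(line):
    """Return rule id, uri, msg and matched target for a ModSecurity denial, else None."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(FIELD.findall(line))
    m = TARGET.search(line)
    return {"id": fields.get("id"), "uri": fields.get("uri"),
            "msg": fields.get("msg"), "target": m.group(1) if m else None}

def summarize(lines):
    """Count denials per (rule id, uri, target) so repeated false positives stand out."""
    hits = (parse_denial(l) for l in lines)
    return Counter((h["id"], h["uri"], h["target"]) for h in hits if h)

def scoped_exclusion(rule_id, uri, target):
    """Narrowest ModSecurity v2 exclusion: one rule, one path, one variable if known."""
    if target:
        body = f'SecRuleUpdateTargetById {rule_id} "!{target}"'
    else:
        body = f"SecRuleRemoveById {rule_id}"
    return f'<Location "{uri}">\n    {body}\n</Location>'

if __name__ == "__main__":
    for (rule_id, uri, target), n in summarize(SAMPLE_LOG).most_common():
        print(f"# {n} denial(s), review before applying\n{scoped_exclusion(rule_id, uri, target)}\n")
```

Each suggested exclusion still needs a human check that the denied request was legitimate Moodle traffic before it goes into the configuration.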