[Modsecurity] False positive
Havard Hebnes
centos at kral.no
Mon Jan 15 07:07:22 EST 2007
Hello.
Is it possible to fix this false positive? Thanks :)
==da7f6d3a==============================
Request: www.domain.com 00.00.00.00 - - [15/Jan/2007:12:58:08 +0100] "GET
/typo3/tce_db.php?redirect=http%3A%2F%2Fwww.domain.com%2Ftypo3%2Falt_mod_fra
meset.php%3FfW%3D0%26nav%3D%2Ftypo3%2Falt_db_navframe.php%253F%26script%3D..
%252Ftypo3conf%252Fext%252Ftemplavoila%252Fmod1%252Findex.php%26id%3D&cmd[pa
ges][45][delete]=1&prErr=1&vC=d07c42e8dd HTTP/1.1" 500 1254
"http://www.domain.com/typo3/alt_db_navframe.php??currentSubScript=..%2Ftypo
3conf%2Fext%2Ftemplavoila%2Fmod1%2Findex.php" "Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1" - "-"
----------------------------------------
GET
/typo3/tce_db.php?redirect=http%3A%2F%2Fwww.domain.com%2Ftypo3%2Falt_mod_fra
meset.php%3FfW%3D0%26nav%3D%2Ftypo3%2Falt_db_navframe.php%253F%26script%3D..
%252Ftypo3conf%252Fext%252Ftemplavoila%252Fmod1%252Findex.php%26id%3D&cmd[pa
ges][45][delete]=1&prErr=1&vC=d07c42e8dd HTTP/1.1
Host: www.domain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1)
Gecko/20061204 Firefox/2.0.0.1
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer:
http://www.domain.com/typo3/alt_db_navframe.php??currentSubScript=..%2Ftypo3
conf%2Fext%2Ftemplavoila%2Fmod1%2Findex.php
Cookie: be_typo_user=b8bba60cb507d939ec7ee3e3c17f97e4;
PHPSESSID=133be8338d89ccd86a86c5b9ea417d20
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match
"\\.php(3|4|5)?(\\?|&).*=(ht|f)tps?:/.*(\\?|&)" at REQUEST_URI [id "300018"]
[rev "1"] [msg "Generic PHP code injection protection"] [severity
"CRITICAL"]
HTTP/1.1 500 Internal Server Error
Last-Modified: Thu, 13 Jul 2006 20:06:43 GMT
ETag: "c022c-4e6-1a4b5ac0"
Accept-Ranges: bytes
Content-Length: 1254
Connection: close
Content-Type: text/html
--da7f6d3a--
More information about the Modsecurity
mailing list