Form Submission
Posted: 12 Oct 2015, 22:00
Hi,
I recently installed CXS installed on my server.
I now have some unusual issues that I am trying to figure out if it is tied to CXS and if so, how I can make things work again.
On one of the websites I have a post form that I will be inputting into a textarea field XML data for processing. For some reason when I copy and paste the xml data straight into the form and submit, this is no longer working. It's redirecting the form page to the home page.
I was pulling my hair out trying to figure out why this is all of a sudden happening but then I got an email informing me that my ip was being blocked for malicious activity.
[Mon Oct 12 12:24:11.746725 2015] [:error] [pid 7067] [client xxx.xxx.xxx.93] ModSecurity: Access denied with redirection to http://examplesite.com/ using status 302 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\\\(\\\\)]*?)([\\\\d\\\\w]++)([\\\\s'\\"`\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\\\(\\\\)]*?)\\\\2|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not|not\\\\s+like|not\\\\s+regexp)([\\\\s'\\"`\\\\(\\\\)]*?)(?!\\\\2)([\\\\d\\\\w]+)))" at ARGS:xmlData. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "53"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: lname>Demo found within ARGS:xmlData: <xmlHTML></xmlHTML> [hostname "examplesite.com"] [uri "/home"] [unique_id "VhwI2woAAAwAABub7roAAAAI"]
I also been getting reports of another account on my server not being able to submit a form and redirecting to the home page as well.
How does this detect this as malicious and how can I set it so these type of situation go through.
I do want to keep the site secure but I need this form to go through as well.
Any help would be great!
I recently installed CXS installed on my server.
I now have some unusual issues that I am trying to figure out if it is tied to CXS and if so, how I can make things work again.
On one of the websites I have a post form that I will be inputting into a textarea field XML data for processing. For some reason when I copy and paste the xml data straight into the form and submit, this is no longer working. It's redirecting the form page to the home page.
I was pulling my hair out trying to figure out why this is all of a sudden happening but then I got an email informing me that my ip was being blocked for malicious activity.
[Mon Oct 12 12:24:11.746725 2015] [:error] [pid 7067] [client xxx.xxx.xxx.93] ModSecurity: Access denied with redirection to http://examplesite.com/ using status 302 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\\\(\\\\)]*?)([\\\\d\\\\w]++)([\\\\s'\\"`\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\\\(\\\\)]*?)\\\\2|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not|not\\\\s+like|not\\\\s+regexp)([\\\\s'\\"`\\\\(\\\\)]*?)(?!\\\\2)([\\\\d\\\\w]+)))" at ARGS:xmlData. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "53"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: lname>Demo found within ARGS:xmlData: <xmlHTML></xmlHTML> [hostname "examplesite.com"] [uri "/home"] [unique_id "VhwI2woAAAwAABub7roAAAAI"]
I also been getting reports of another account on my server not being able to submit a form and redirecting to the home page as well.
How does this detect this as malicious and how can I set it so these type of situation go through.
I do want to keep the site secure but I need this form to go through as well.
Any help would be great!