Has anyone dealt with Modsecurity rule 990011, user-agent issue?

Mehr
1 Monat 2 Wochen her #161488 von jsibley
jsibley erstellte das Thema Has anyone dealt with Modsecurity rule 990011, user-agent issue?
Hi,

I'm using limer to interface with r.

There is a rule in modsecurity on the host I am using that is rejecting calls to remotecontrol unless I whitelist the IP addresses I'm using (which change).

Has anyone dealt with this particular problem? I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)

Thanks for any help with this.

Bitte Anmelden um an der Konversation teilzunehmen.

Mehr
1 Monat 2 Wochen her #161494 von jelo
jelo antwortete auf das Thema: Has anyone dealt with Modsecurity rule 990011, user-agent issue?
[quote="jsibley" post=161488 I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)
[/quote]

You should post the rule instead of the ID. The mod security IDs are not telling me what rule is triggered.
Every ruleset can use these IDs.

Most common rule set with ID 990011 seems to be the Owasp-modsecurity-core-rule-set.
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:eek:wnload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)" \
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"

Since these rulesets are very broad it is quite common to tigger a few rules when using APIs from webapplications.
LimeSurvey is no exception. You can deactivate the rule globally or restrict exception to certain paths.

Bitte Anmelden um an der Konversation teilzunehmen.

Mehr
1 Monat 2 Wochen her #161535 von jsibley
jsibley antwortete auf das Thema: Has anyone dealt with Modsecurity rule 990011, user-agent issue?
Thank you so much for responding. I think that this is an issue with limer (and, I believe, with limeRick), how they send the request to remotecontrol, and the rule that is being triggered. The message in my log file is:

[Tue Dec 05 23:28:33.355207 2017] [:error] [pid 3112:tid 140125572921088] [client 73.198.211.20] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"] I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing. Thanks again.[file "/etc/apache2/conf.d/imh-modsec/01_base_rules.conf"] [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"]

I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.

Thanks again.

Bitte Anmelden um an der Konversation teilzunehmen.

Mehr
1 Monat 2 Wochen her #161536 von jelo
jelo antwortete auf das Thema: Has anyone dealt with Modsecurity rule 990011, user-agent issue?

jsibley schrieb: I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.

The path of the ruleset indicates me, that your provider seems to be InMotionHosting.
The 990011 rule is too strict for many scenarios.

www.inmotionhosting.com/support/communit...ubleshoot-the-issues

Bitte Anmelden um an der Konversation teilzunehmen.

Jetzt loslegen!

Melden Sie sich jetzt an, und erstellen Sie in wenigen Minuten Ihre erste Umfrage.

Account einrichten

Abonnieren Sie unseren Newsletter

Abonnieren Sie unseren Newsletter für alle Neuigkeiten rund um LimeSurvey
captcha