Has anyone dealt with Modsecurity rule 990011, user-agent issue?

More
4 days 10 hours ago #161488 by jsibley
jsibley created the topic: Has anyone dealt with Modsecurity rule 990011, user-agent issue?
Hi,

I'm using limer to interface with r.

There is a rule in modsecurity on the host I am using that is rejecting calls to remotecontrol unless I whitelist the IP addresses I'm using (which change).

Has anyone dealt with this particular problem? I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)

Thanks for any help with this.

Please Log in to join the conversation.

More
4 days 57 minutes ago #161494 by jelo
jelo replied the topic: Has anyone dealt with Modsecurity rule 990011, user-agent issue?
[quote="jsibley" post=161488 I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)
[/quote]

You should post the rule instead of the ID. The mod security IDs are not telling me what rule is triggered.
Every ruleset can use these IDs.

Most common rule set with ID 990011 seems to be the Owasp-modsecurity-core-rule-set.
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:eek:wnload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)" \
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"

Since these rulesets are very broad it is quite common to tigger a few rules when using APIs from webapplications.
LimeSurvey is no exception. You can deactivate the rule globally or restrict exception to certain paths.

Please Log in to join the conversation.

More
3 days 11 hours ago #161535 by jsibley
jsibley replied the topic: Has anyone dealt with Modsecurity rule 990011, user-agent issue?
Thank you so much for responding. I think that this is an issue with limer (and, I believe, with limeRick), how they send the request to remotecontrol, and the rule that is being triggered. The message in my log file is:

[Tue Dec 05 23:28:33.355207 2017] [:error] [pid 3112:tid 140125572921088] [client 73.198.211.20] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"] I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing. Thanks again.[file "/etc/apache2/conf.d/imh-modsec/01_base_rules.conf"] [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"]

I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.

Thanks again.

Please Log in to join the conversation.

More
3 days 11 hours ago #161536 by jelo
jelo replied the topic: Has anyone dealt with Modsecurity rule 990011, user-agent issue?

jsibley wrote: I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.

The path of the ruleset indicates me, that your provider seems to be InMotionHosting.
The 990011 rule is too strict for many scenarios.

www.inmotionhosting.com/support/communit...ubleshoot-the-issues

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!