- Posts: 40
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Has anyone dealt with Modsecurity rule 990011, user-agent issue?
- jsibley
- Topic Author
- Offline
- Senior Member
Less
More
6 years 4 months ago #161488
by jsibley
Has anyone dealt with Modsecurity rule 990011, user-agent issue? was created by jsibley
Hi,
I'm using limer to interface with r.
There is a rule in modsecurity on the host I am using that is rejecting calls to remotecontrol unless I whitelist the IP addresses I'm using (which change).
Has anyone dealt with this particular problem? I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)
Thanks for any help with this.
I'm using limer to interface with r.
There is a rule in modsecurity on the host I am using that is rejecting calls to remotecontrol unless I whitelist the IP addresses I'm using (which change).
Has anyone dealt with this particular problem? I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)
Thanks for any help with this.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
6 years 4 months ago #161494
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Has anyone dealt with Modsecurity rule 990011, user-agent issue?
[quote="jsibley" post=161488 I'm assuming I need to add or modify a rule to accept certain transactions (user-agent libcurl?)
[/quote]
You should post the rule instead of the ID. The mod security IDs are not telling me what rule is triggered.
Every ruleset can use these IDs.
Most common rule set with ID 990011 seems to be the Owasp-modsecurity-core-rule-set.
Since these rulesets are very broad it is quite common to tigger a few rules when using APIs from webapplications.
LimeSurvey is no exception. You can deactivate the rule globally or restrict exception to certain paths.
[/quote]
You should post the rule instead of the ID. The mod security IDs are not telling me what rule is triggered.
Every ruleset can use these IDs.
Most common rule set with ID 990011 seems to be the Owasp-modsecurity-core-rule-set.
Code:
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:eek:wnload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)" \ "chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'" SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
Since these rulesets are very broad it is quite common to tigger a few rules when using APIs from webapplications.
LimeSurvey is no exception. You can deactivate the rule globally or restrict exception to certain paths.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- jsibley
- Topic Author
- Offline
- Senior Member
Less
More
- Posts: 40
- Thank you received: 0
6 years 4 months ago #161535
by jsibley
Replied by jsibley on topic Has anyone dealt with Modsecurity rule 990011, user-agent issue?
Thank you so much for responding. I think that this is an issue with limer (and, I believe, with limeRick), how they send the request to remotecontrol, and the rule that is being triggered. The message in my log file is:
[Tue Dec 05 23:28:33.355207 2017] [:error] [pid 3112:tid 140125572921088] [client 73.198.211.20] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/conf.d/imh-modsec/01_base_rules.conf"] [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"]
I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.
Thanks again.
[Tue Dec 05 23:28:33.355207 2017] [:error] [pid 3112:tid 140125572921088] [client 73.198.211.20] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/conf.d/imh-modsec/01_base_rules.conf"] [line "74"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "surveystest.jsassessments.com"] [uri "/index.php/admin/remotecontrol"] [unique_id "Widj4Rfrz4MAAAwoXKgAAACJ"]
I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.
Thanks again.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
6 years 4 months ago #161536
by jelo
The 990011 rule is too strict for many scenarios.
www.inmotionhosting.com/support/communit...ubleshoot-the-issues
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Has anyone dealt with Modsecurity rule 990011, user-agent issue?
The path of the ruleset indicates me, that your provider seems to be InMotionHosting.jsibley wrote: I'm new to this, but I believe that the modsecurity rule requires a parameter for User-Agent and that this isn't being supplied by the R helpers. Limer doesn't appear to be updated often, but I've raised an issue in Github, in case someone is noticing.
The 990011 rule is too strict for many scenarios.
www.inmotionhosting.com/support/communit...ubleshoot-the-issues
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.