Attack: Off-Domain Reference/Link - Proxy Images

rosal

Active member
Hi i use ModSecurity™ Tools /OWASP Rules in cpanel , and im trying to configure SSL with Proxy Images, but wen i active proxy images the images dont show.

If i disable this rule in cpanel they show ok

But its not danger to disable this rule?

www.mydomain.com 178.198.32.98 CRITICAL 302
Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link
950120

Error Rule trigered
Code:
SecRule ARGS "^(?:ht|f)tps?://(.*)$" "chain, phase:request, rev:'3', ver:'OWASP_CRS/3.0.0', maturity:'9', accuracy:'9', t:none, capture, ctl:auditLogParts=+E, block, msg:'Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link', logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', id:'950120', severity:'CRITICAL', tag:'application-multi', tag:'language-multi', tag:'platform-multi', tag:'attack-remote file inclusion', tag:'OWASP_CRS/WEB_ATTACK/RFI'"
SecRule TX:1 "!@beginsWith %{request_headers.host}" "setvar:'tx.msg=%{rule.msg}', setvar:tx.rfi_score=+%{tx.critical_anomaly_score}, setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/RFI-%{matched_var_name}=%{tx.1}"
Error
Code:
Request:
GET /proxy.php?image=https%3A%2F%2Fs29.postimg.org%2Fphhh53obb%2image2.png&hash=23ea1a6e0e93efbeb3099592272b73c4
Action Description:
Access denied with redirection to http://www.mydomain.com/ using status 302 (phase 2).
Justification:
Match of "beginsWith %{request_headers.host}" against "TX:1" required.
 
Top