xf Proxy Function triggers Mod_security

Spiker400

Member
I have a Problem while using the internal xf Proxy function for links and Pictures.
Everytime the Server blocks it - but i'm not realy sure to disable mod_sec rule for this, does has anyone a idea for this ?

[Sat Oct 17 21:45:09.755975 2015] [:error] [pid 18726] [Client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?)://" at REQUEST_URI. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "511"] [id "340165"] [rev "284"] [msg "Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)"] [data "/proxy.php?preview=http://www.google.de&hash=0sdfw4wer23r23r2scd"] [severity "CRITICAL"] [hostname "www2.xxxxxxxx.com"] [uri "/proxy.php"] [unique_id "ViKlRdXlYQcAAEWuMABE"]
 
This is to be expected with unmodified mod_security rules. Just exempt (whitelist) "proxy.php" from all rules and it will work. You also can disable mod_security completely, because XF has no security holes.
 
Last edited:
Back
Top Bottom