jebazerosoft
New member
- Joined
- Nov 12, 2024
- Messages
- 5
We have a wordpress website and installed gmail login plugin. When register/login with gmail, it redirects to the below sample page in the website redirected
Got this modsecurity error
"Access denied with code 406 (phase 2). Matched phrase \".profile\" at ARGS:scope. [file \"/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"98\"] [id \"930120\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: .profile found within ARGS:scope: email openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.3.5\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/255/153/126\"] [tag \"PCI/6.5.4\"]"
So off the SecRuleEngine and also added 930120 id to disable. But its not working.
I am accessing the directadmin as a User
Got this modsecurity error
"Access denied with code 406 (phase 2). Matched phrase \".profile\" at ARGS:scope. [file \"/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"98\"] [id \"930120\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: .profile found within ARGS:scope: email openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.3.5\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/255/153/126\"] [tag \"PCI/6.5.4\"]"
So off the SecRuleEngine and also added 930120 id to disable. But its not working.
I am accessing the directadmin as a User