spirit
Verified User
We have updated the mod_security rules. Now the Joomla-users can't logout on the frontpage using the (standaard Joomla) login-module.
Meanwhile we found the added rules that cause the problem. See below.
Is there anyone that can tell me why this problem occurs?
We would like to solve this problem a.s.a.p.
Thanks in advance.
Greetings,
Meanwhile we found the added rules that cause the problem. See below.
Is there anyone that can tell me why this problem occurs?
We would like to solve this problem a.s.a.p.
Code:
#really broad furl_fopen attack sig
#tune this for your system
#SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300018,rev:3,severity:2,msg:'Generic PHP code injection protection via ARGS'"
#SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&)" chain
#SecFilterSelective ARGS "(ht|f)tps?:/" chain
#SecFilterSelective HTTP_Referer "!/imp/login\.php"
#SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300040,rev:1,severity:2,msg:'Generic PHP code injection protection in URI'"
#SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&).*=(ht|f)tps?:/" chain
#SecFilterSelective HTTP_Referer "!/imp/login\.php"Thanks in advance.
Greetings,