Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
I am looking at my log files for Apache and see this:
[Tue Jul 14 00:42:25 2009] [error] [client BAD GUY IP] ModSecurity: Warning.
..." at ARGS:discountdesc_NB. [file
[line "66"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data
"src='http:"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "
server13.back.domain.com"] [uri "/buy/CheesePizza"] [unique_id
I get maybe a couple of hundred of these type alerts a day, but these are
not attacks. Part of our application, I cannot tell what I need to edit
here as far as to fix this so I do not block a legit transaction. Would I
remove "src" from this line mentioned above? Remove it here or:
Am I completely off and looking in the wrong place?