I have been working with ModSecurity in preparation for rolling it out to production. I've needed to tweak a couple of rules to deal with the way we redirect and process URLs -- one of them was not allowing enough special characters through to let our system work.
I've found a page, though, that I can't get to work. It loads some boilerplate and then makes an ajax call to load the rest. I've checked the application logs (this is in IIS on Windows) and found no messages for this particular block. Setting the SecRuleEngine to DetectionOnly doesn't help -- it still gets blocked after restarting the service. But a client machine that is whitelisted doesn't experience the block. And removing the ModSecurity module entirely fixes it for all clients.
Could someone describe to me what sort of mechanism might cause an ajax request to be blocked, even in DetectionOnly mode? Hypotheticals are welcome.
Colin
I should add I'm using the OWASP basic rule set.
To receive support please open a git issue.