Hello this is my first post and I know that I can't ask for anything urgently hehe, but any help is really really appreciated.
I got a client with the following error:
Code:
[Wed Apr 30 12:30:30 2008] [error] [client 189.177.38.64] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\\\$_(?:(?:pos|ge)t|session))\\\\b|<\\\\?(?!xml))" at ARGS:edit[introduction]. [id "950013"] [msg "PHP Injection Attack. Matched signature <<?>"] [severity "CRITICAL"] [hostname "www.mydomain.com"] [uri "/node/131/edit"] [unique_id "gVR4Qn8AAAEAABqgancAAABd"]
I've already created a modsecurity_crs_60_custom_rules.conf with
Code:
<LocationMatch "/node/131/edit">
SecRuleRemoveById 950013
</LocationMatch>
I've restarted the application server and nothing, I keep getting the same error... Please any help is appreciated here
I forgot to mention that the "Introduction" field has this info at the moment of editing
Code:
<img class="article-left" src="<?php print url_resource("someimage.jpg"); ?>" />
Thanks!
Fryzer