Issue
The ModSecurity rule 77140883 triggered for Joomla is occurring to be a false-positive event:
Message: Access denied with code 403 (phase 2). Test 'ARGS:path' against '!@rx ^$' is true. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-litespeed/013_i360_infectors.conf"] [line "92"] [id "77140883"] [msg "IM360 WAF: RBL block known shells||MVN:local-images:/artikel billeder/My Snapshot_87.jpg||T:LITESPEED||ARGS.path:*/*||ARGS.url:true||SC:/home/USER/public_html/administrator/index.php||"] [severity "DEBUG"] [tag "service_i360custom"] [MatchedString "local-images:/artikel billeder/My Snapshot_87.jpg"]
Environment
- Imunify360
- WAF/ModSecurity
Solution
We express our apologies for the inconveniences.
An internal case (WPT-629) was raised to investigate and fix the reported problem by our dev team. Once the rule is updated, the corresponding note will be published in our changelog.
Cause
The rule's false-positive behaviour.
Comments
0 comments
Please sign in to leave a comment.