Rule 218500 False positives
Issue originally created by user stephywells on date 2017-08-21 17:29:58. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/856
I am the lead developer of a WordPress plugin called Formidable Forms. https://wordpress.org/plugins/formidable/
I’ve been working with our users who are having trouble with this rule, but have been unable to get version details. However, this issue recently started popping up in the last month.
This is the line I’ve narrowed the issue down to:
<div>[if error][/if error]</div>
Is there something we can do other than ask for hosts to disable this rule?
Top GitHub Comments
User YbyMMbPh commented on date 2017-08-28 23:33:15:
Hello Stephy, the repo you linked to is a single web host’s (Sliqua Hosting) personally curated version of the Comodo rule set. If you want to pursue a change to Comodo’s main rule set then the place to start would be at their forum. It does appear to be monitored by the devs who maintain the rule set. You can find it here.
To manage your expectations… Many hosts do not auto update their Rules. This is due to the fear that a new rule may cause 1000s of support requests. So if you succeed in getting Comodo to change their rule to allow your string to pass it may take years for it to become active on all web hosts with Comodo rules. Changing your own code could fix this for all your plugin’s users in a week.
As lifeforms commented, the modsec_audit.log of the HTTP request that caused the False Positive is the starting point for someone to edit an existing rule or to create an exclusion rule to deal with the false positive. If you can get it please post it here as well as at Comodo’s forum.
User csanders-git commented on date 2017-08-31 15:05:04:
Seems like we have a pretty good consensus on this topic. If you have any additional questions or feedback, please feel free to reopen this topic.