
"Please Note:
  • At the specific request of Ibexa we are changing this project's name to "Exponential" or "Exponential (CMS)" effective as of August 11th, 2025.
  • This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

modsecurity and Exponential


James Ward

Tuesday 07 August 2007 10:07:35 am

Hi All,
I recently set up a new hosting server with modsecurity. I've noticed Exponential triggers a few security alerts and prevents user access. If anyone has a list of rules which should be excluded for Exponential, I would love to see it. Here is what I have excluded so far:

id: 950004 msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>"
id: 950006 msg "System Command Injection. Matched signature <cmd/c>"
id: 950910 msg "HTTP Response Splitting Attack. Matched signature <%0a>"

If you know of more, or if you think these are not being triggered by Exponential, please share your experience.

Cheers!

working at www.wardnet.com
blogging at www.jamesward.ca
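
An added example, not part of the original post or of the Exponential project: a small Python tally of ModSecurity alerts by rule id and request URI, which shows whether a rule fires only on the CMS's own pages before it is excluded. It assumes the ModSecurity 2.x error-log convention of `[key "value"]` tags with backslash-escaped quotes; the log lines, hostname, client addresses and URIs are constructed.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2.x Apache error-log style; the client
# addresses, hostname and URIs are invented. Rule ids and msgs are from the post.
SAMPLE_LOG = r'''
[Tue Aug 07 09:01:12 2007] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>"] [hostname "cms.example.test"] [uri "/content/edit/58/1"]
[Tue Aug 07 09:02:40 2007] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>"] [hostname "cms.example.test"] [uri "/content/edit/58/1"]
[Tue Aug 07 09:05:03 2007] [error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [id "950006"] [msg "System Command Injection. Matched signature <cmd/c>"] [hostname "cms.example.test"] [uri "/content/edit/61/2"]
[Tue Aug 07 09:06:00 2007] [notice] Apache configured -- resuming normal operations
[Tue Aug 07 09:09:41 2007] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). [id "950910"] [msg "HTTP Response Splitting Attack. Matched signature <%0a>"] [hostname "cms.example.test"] [uri "/user/login"]
'''

# One [key "value"] tag; the value may contain backslash-escaped characters,
# as in the 950004 message, so a plain [^"]* would cut it short.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_alert(line):
    """Return the tag dict for a ModSecurity alert line, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    fields = {k: re.sub(r"\\(.)", r"\1", v) for k, v in FIELD.findall(line)}
    return fields if "id" in fields else None


def summarize(log_text):
    """Map rule id -> {"msg": str, "uris": Counter of request URIs}."""
    summary = {}
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert is None:
            continue
        entry = summary.setdefault(
            alert["id"], {"msg": alert.get("msg", ""), "uris": Counter()}
        )
        entry["uris"][alert.get("uri", "?")] += 1
    return summary


if __name__ == "__main__":
    for rule_id, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(rule_id, entry["msg"])
        for uri, hits in entry["uris"].most_common():
            print(f"    {hits:3d}  {uri}")
```

A rule that only ever fires on the CMS's editing or login URIs is a candidate for an exclusion limited to those paths rather than one applied to the whole server.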