6 years ago

Problem:

mod_security blocks markdown with with bash snippets with message

Remote Command Execution: Unix Command Injection

It does this on page save in the admin. Showing the file in the frontend gives no problems.

Question

What can I do about it. Is there an exception file for grav like for most other platforms supported by modsecurity?

crs-setup.conf has a section like:

Modify and uncomment this rule to select which application:

SecAction \

"id:900130,\

phase:1,\

nolog,\

pass,\

t:none,\

setvar:tx.crs_exclusions_nextcloud=1,

setvar:tx.crs_exclusions_cpanel=1,\

setvar:tx.crs_exclusions_drupal=1,\

setvar:tx.crs_exclusions_dokuwiki=1,\

setvar:tx.crs_exclusions_wordpress=1,\

setvar:tx.crs_exclusions_xenforo=1"

Did anyone create an exception file?

Topic	Replies	Views	Activity
unable to get waypoints to trigger Support · by Duc , 2 hours ago	1	17	1 hour ago
Multisite in subdirectory Support · by Thomas, 1 week ago	3	101	10 hours ago
How to listen for GET requests instead of POST requests? Support · by Anna, 3 days ago	2	99	1 day ago
Twig not processing in 2.0.0 Support · by Justin Young, 1 day ago	1	66	1 day ago
Form: GRAV.Yes translation key Support · by Duc , 1 week ago	2	101	6 days ago

Topic

Replies

Views

Activity

unable to get waypoints to trigger

Support · by Duc , 2 hours ago

1 hour ago

Multisite in subdirectory

Support · by Thomas, 1 week ago

101

10 hours ago

How to listen for GET requests instead of POST requests?

Support · by Anna, 3 days ago

1 day ago

Twig not processing in 2.0.0

Support · by Justin Young, 1 day ago