6 years ago

Problem:

mod_security blocks markdown with with bash snippets with message

Remote Command Execution: Unix Command Injection

It does this on page save in the admin. Showing the file in the frontend gives no problems.

Question

What can I do about it. Is there an exception file for grav like for most other platforms supported by modsecurity?

crs-setup.conf has a section like:

Modify and uncomment this rule to select which application:

SecAction \

"id:900130,\

phase:1,\

nolog,\

pass,\

t:none,\

setvar:tx.crs_exclusions_nextcloud=1,

setvar:tx.crs_exclusions_cpanel=1,\

setvar:tx.crs_exclusions_drupal=1,\

setvar:tx.crs_exclusions_dokuwiki=1,\

setvar:tx.crs_exclusions_wordpress=1,\

setvar:tx.crs_exclusions_xenforo=1"

Did anyone create an exception file?

Topic	Replies	Views	Activity
Updating to newer Grav versions Support · by Water Science, 3 weeks ago	11	170	7 hours ago
unable to get waypoints to trigger Support · by Duc , 23 hours ago	1	44	23 hours ago
Multisite in subdirectory Support · by Thomas, 1 week ago	3	116	1 day ago
How to listen for GET requests instead of POST requests? Support · by Anna, 4 days ago	2	109	2 days ago
Twig not processing in 2.0.0 Support · by Justin Young, 2 days ago	1	89	2 days ago

Topic

Replies

Views

Activity

Updating to newer Grav versions

Support · by Water Science, 3 weeks ago

170

7 hours ago

unable to get waypoints to trigger

Support · by Duc , 23 hours ago

23 hours ago

Multisite in subdirectory

Support · by Thomas, 1 week ago

116

1 day ago

How to listen for GET requests instead of POST requests?

Support · by Anna, 4 days ago

109

2 days ago

Twig not processing in 2.0.0

Support · by Justin Young, 2 days ago