![Comodo web application firewall](https://cdn1.cdnme.se/5447227/9-3/7_64e61dfbddf2b36517292648.png)
![comodo web application firewall comodo web application firewall](https://image.slidesharecdn.com/comodo-free-modsecurity-150217154912-conversion-gate02/95/web-application-firewall-1-638.jpg)
SecRule REQUEST_URI "node/+/webform/components/" "phase:2,deny,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:320474,rev:14,severity:2,msg:'Protected by Basic Non-Realtime WAF Rules: Generic XSS filter',logdata:'%'" #special case for drupal for 340147 above However, I'm a bit suspicious, because the files have yesterday's date, which means they may get refreshed every day, even though their content hasn't changed on my site since October 27, 2017.Īlso, there is more than one rule involved: Var/asl/rules/modsec/50_plesk_basic_asl_nf
![comodo web application firewall comodo web application firewall](http://bramjpro.com/wp-content/uploads/2016/12/comodo-firewall-download-thumb.png)
The two that likely matter areĮtc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_nf
![comodo web application firewall comodo web application firewall](https://cdn.lo4d.com/t/screenshot/ipr/comodo-internet-security-and-firewall.jpg)
I have Plesk installed on my server, too, and I found 5 files (and one directory) named 50_plesk_basic_asl_nf. Pattern match "^/node/+/webform/components/" at REQUEST_URI.Īnd the user reporting having trouble inserting a multi-select field into a form. I actually had an IP banned because of this, with 40 entries in modsec_audit.log like
![Comodo web application firewall](https://cdn1.cdnme.se/5447227/9-3/7_64e61dfbddf2b36517292648.png)