ModSecurity does not block secret_file_test.php?secret_file=/etc/passwd link

Created: 2016-12-12 03:40:23 UTC

Modified: 2017-08-08 13:30:32 UTC

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

Why does the link http://example.com/test.php?secret_file=/etc/passwd not create an entry for denied access under the Atomic Basic ModSecurity ruleset?

Cause

This type of request is not covered by the ModSecurity Basic rule set. The requests that are covered can be found in the /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf file. For example, requests for:

http://example.com/test.php?secret_file=http://test.com
http://example.com/test.php?secret_file=wp-config.php
http://example.com/?abc=../../
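
To check which query-string values a rule file covers, the following added example (not Plesk or Atomicorp code) parses single-line SecRule directives that target ARGS and reports the rule IDs matching each of the four URLs from this article. SAMPLE_RULES and its rule IDs are constructed stand-ins, not the contents of 50_plesk_basic_asl_rules.conf, and the matching is an approximation: only @rx and @contains are evaluated, and transformations and chained rules are ignored.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed stand-in rules, NOT the contents of 50_plesk_basic_asl_rules.conf.
SAMPLE_RULES = r'''
SecRule ARGS "@rx ^(?:ht|f)tps?://" "id:900001,phase:2,deny,msg:'remote URL in parameter'"
SecRule ARGS "@contains wp-config.php" "id:900002,phase:2,deny,msg:'WordPress config file'"
SecRule ARGS "@rx \.\./" "id:900003,phase:2,deny,msg:'directory traversal'"
'''

# SecRule VARIABLES "OPERATOR" "ACTIONS" on one line (no continuations, no chains).
RULE_RE = re.compile(r'^\s*SecRule\s+(\S+)\s+"((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"')

def load_rules(text):
    """Return (rule_id, predicate) pairs for rules that inspect ARGS."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m or "ARGS" not in m.group(1).split("|"):
            continue
        operator, actions = m.group(2), m.group(3)
        id_match = re.search(r"\bid:'?(\d+)", actions)
        rule_id = id_match.group(1) if id_match else "?"
        if operator.startswith("@contains "):
            needle = operator[len("@contains "):]
            rules.append((rule_id, lambda v, n=needle: n in v))
        elif operator.startswith("@rx ") or not operator.startswith("@"):
            # A bare pattern means @rx; Python's re approximates PCRE here.
            pattern = re.compile(operator[4:] if operator.startswith("@rx ") else operator)
            rules.append((rule_id, lambda v, p=pattern: p.search(v) is not None))
        # Other operators are skipped: this sketch does not evaluate them.
    return rules

def matching_rules(url, rules):
    """IDs of rules whose predicate matches any decoded query-string value."""
    hits = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits += [rule_id for rule_id, test in rules if test(value)]
    return hits

if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    for url in ("http://example.com/test.php?secret_file=http://test.com",
                "http://example.com/test.php?secret_file=wp-config.php",
                "http://example.com/?abc=../../",
                "http://example.com/test.php?secret_file=/etc/passwd"):
        print(url, "->", matching_rules(url, rules) or "no rule matched")
```

To run it against a real rule set, pass the text of the rule file to load_rules() instead of SAMPLE_RULES; an empty result means no parsed ARGS rule matched, not that the request is safe.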

Resolution

Contact ModSecurity support for more details about why the link http://example.com/test.php?secret_file=/etc/passwd is considered safe.
