mod_security blocking wrongly web pages on HTTPD 2.4

Solution Verified - Updated -

Issue

  • When website developers attempt to save changes to a website they get a message: "Forbidden You don't have permission to access this resource."
[Sun Feb 18 21:07:33.850523 2024] [:error] [pid 2905811:tid 2906007] [client 127.0.0.1:2222] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "localhost.com"] [uri "/SAMPLE$"] [unique_id "ZdK35Q_7Tei8zo6c_3TMdAAAAEY"]

Environment

  • Red Hat Enterprise Linux (RHEL)
    • 7.x
    • 8.x
    • 9.x
  • Apache HTTPD
    • 2.4
  • JBoss Core Service (JBCS)
    • 2.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content