Hello all,
I am receiving the error below when I enable the modsecurity module on Nginx.
[error] 54081#54081: *8 [client 172.68.186.167] ModSecurity: Access denied with code 403 (phase 4). Matched "Operator `Ge' with parameter `4' against variable `TX:OUTBOUND_ANOMALY_SCORE' (Value: `4' ) [file "/etc/nginx/modsec/coreruleset-3.3.2/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "68"] [id "959100"] [rev ""] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [data ""] [severity "0"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "x.x.x.x"] [uri "/index.php"] [unique_id "1636875520"] [ref ""] while sending to client, client: x.x.x.x, server: domain.org, request: "GET /index.php?module=Installation&action=systemCheckPage&idSite=1&period=day&date=yesterday HTTP/1.1", upstream: "fastcgi://unix:/run/php/php-fpm.sock", host: "domain.name", referrer: "https://domain.name/index.php?module=CoreAdminHome&action=home&idSite=1&period=day&date=yesterday"
2021/11/14 08:38:42 [alert] 54081#54081: *8 header already sent while sending to client, client: x.x.x.x, server: stats.azandi.info, request: "GET /index.php?module=Installation&action=systemCheckPage&idSite=1&period=day&date=yesterday HTTP/1.1", upstream: "fastcgi://unix:/run/php/php-fpm.sock", host: "domain.name", referrer: "https://domain.name/index.php?module=CoreAdminHome&action=home&idSite=1&period=day&date=yesterday"
Is this still an ongoing issue? Can someone please direct me to a possible solution?
Ideally I would like modsecurity enabled.