Comodo Error with Email Forms
Auteur : Adrian G.Hi I am using the latest version of Website X5 Pro 2019. On all my clients that uses a web form we are experiencing that when the email form submits it gives me an error 403 Forbidden You do not have permission to access this document.I approached my web hosts and they found the following and they asked me to find out what can you suggest regarding this problem please.
It happens on https://www.mulsons.co.za/personal-application-form.html and on all the other clients websites.
I can see that the Web Application Firewall is flagging the submissions as possible SQL injections.
[Sat Jun 22 11:47:31.183893 2019] [:error] [pid 24718] [client 197.229.147.4:44426] [client 197.229.147.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:'\\xbf?\\x22|\\x22\\xbf?'|^\\+?$)" at ARGS_POST:imObjectForm_3_3. [file "/etc/httpd/conf/modsecurity.d/rules/comodo/02_Global_Generic.conf"] [line "199"] [id "211290"] [rev "3"] [msg "COMODO WAF: XSS and SQLi vulnerability||www.mulsons.co.za|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mulsons.co.za"] [uri "/imemail/imEmailForm_sugxcxt5.php"] [unique_id "XQ35M@20in-QTTafOMW32QAAAAM"], referer: https://www.mulsons.co.za/personal-application-form---neels.html
I have disabled WAF on mullions - please can you try again to submit the form. If it works can you contact the supplier of your website creation software and ask them why COMODO web application firewall flags posts as a possible SQL vulnerability (perhaps send them that error from above). Let me know what they say as it is not advisable to leave web application firewall disabled on a website.
Please let me know asap a solution as they advised it is not advisable to leave the firewall disabled.
Thank You so much.
Hello.I ran into problems with the firewall when I was trying to send data to the database.The solution is simple - add a query to the exceptions.
Auteur
Hi WebsiteX5 Support, Please can you confirm my query above as my hosting suppliers are blocking this issue as they say it is marked as a threat on the firewall. I showed the response of adding an exception, but they say it is not a solution. Please it is extremely urgent. It is already 6 days since my initial request and no response from you regarding that. Thank You.
Hello Adrian,
I've marked your question for the specific attention of the Incomedia support staff.
Please allow 24/48 working hours for a response from them. Unfortunately their working hours do not extend over the weekend.
Kind regards,
Paul
Search the WebSite X5 Help Center
Hi Adrian
I've proceeded to forward the matter to the developers so that the error can be investigated better and I will be sure to notify you here as soon as news on the topic becomes available
Thank you for your patience as we look into this
Stefano
Hi Adrian
I've received word from the developers.
The specific issue mentioned in your report has been analyzed and I can confirm that no real threat exists in that specific logic you mentioned. All of the inputs given by the user are handled properly and checked by the software before they reach the Database, and thus the risk of SQL Injection is not existent in this case specifically
I hope I've been helpful
Stefano