Mautic Community Forums

Mod Security

Your software
My Mautic version is: 2.15.2
My PHP version is: 7.2

Your problem
My problem is: I’m experiencing trouble saving using my self hosted version Mautic. Currently I’ve come across this issue when I try to save email templates or create landing pages. My host has resolved these two issues but I still have trouble using code mode.

These errors are showing in the log (from host):

2020-01-21 07:33:06.773058 [NOTICE] [24806] [85.92.65.92:52431:HTTP2-131] mod_security rule [Id ‘212970’] at [/etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/07_XSS_XSS.conf:135] triggered!
[modsecurity] [Tue Jan 21 07:33:06 2020] [error] [client 85.92.65.92] ModSecurity: Access denied with code 403, [Rule: ‘REQUEST_URI|ARGS_POST|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:emailglobalheader|!ARGS:Post|!ARGS:desc|!ARGS:html_message|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/’ ‘@rx <meta.{0,}?charset/{0,}=’] [id “212970”] [rev “5”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”] [logdata "Matched Data: <metahttp-equiv=“content-type"content=“text/html;charset= found within <!doctypehtmlpublic”-//w3c//dtdxhtml1.0transitional//en”“http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"><htmlxmlns="http://www.w3.org/1999/xhtml”><metahttp-equiv="content-type"content=“text/html;charset=utf-8”/><metaname=“viewport"content=“width=device-width,initial-scale=1.0”>{subject}<styletype=“text/css”>@importurl(https://fonts.googleapis.com/css?family=lato:400);img{max-width:600px;outlin…”] [severity “CRITICAL”] [tag “CWAF”] [tag “XSS”]

Steps I have tried to fix the problem:

I have contracted my host and they have applied various rules to allow the software to run but this weakens the overall security of my site. Are you able to provide a fix in the software so these rules are not triggered?

I’m not very familiar with XSS and mod security but your software is fantastic and I’d like to start using it.