Hello, We use AJAX and CORS as part of a login form on our website. For some reason, ModSecurity 2.8.0 for Windows seems to be preventing this from working properly. However, nothing shows up in the debug logs (level = 9) showing that anything had been blocked. I can see in the logs that ModSecurity is receiving the HTTP Post with the email/password login values. The debug.log does not show any any positive rule hits. Also, I¹m in detect-only mode so it shouldn¹t be dropping anything.
My thought was that something in the outbound rule set is modifying the response in some way, but I disabled it and still had the issue. When I disable ModSecurity entirely, login works just fine. I am using the base CRS rules that are installed by default by the ModSecurity installer. Any thoughts on how to troubleshoot this? Without anything showing up in the debug.log I am lost. (BTW: I originally posted this to the regular mod security users list and am reposting here for additional feedback.) Thanks, Brian Clark Restaurant.com - Best Deal. Every Meal. Restaurant.com is the trusted and valued source connecting diners, restaurants, businesses and communities since 1999. The company offers savings at thousands of restaurants nationwide with more than 30,000 gift certificate options. The Restaurant.com Independent Consultant program offers thousands of self-employment opportunities to individuals that want to earn money while helping Restaurant.com to expand to more restaurants, businesses and communities nationwide. To date, Restaurant.com customers have saved more than $1 billion through the gift certificate program filling more than 3.5 million tables annually. Restaurant.com is a pioneer in the restaurant deal space and is headquartered in Arlington Heights, IL. Smartphone and iPad users: download our app - iPhone<https://itunes.apple.com/us/app/restaurant.com/id488860392?ls=1&mt=8>, iPad<https://itunes.apple.com/us/app/restaurant.com/id488860392?ls=1&mt=8> and Android<https://play.google.com/store/apps/details?id=com.restaurant.mobile> Learn more about Restaurant.com https://sales.restaurant.com/Overview Find dining deals near you http://www.restaurant.com Make money with Restaurant.com https://sales.restaurant.com/MakeMoney _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
