Can you point me to the right direction in correcting? It seems to be blocking all links that we post on Facebook other than the homepage. Which logs do I need to analyze? How do I circumvent?
On Tue, May 17, 2016 at 12:57 PM, Christian Folini < christian.fol...@netnea.com> wrote: > Kenneth, > > On Tue, May 17, 2016 at 12:28:54PM +0800, T. Kenneth Lojo (IRRI) wrote: > > Our company has started using mod security as a web application firewall > > and we used the OWASP core rule set. When we apply the CRS Facebook > cannot > > scrape our site and gives a 403 forbidden message. Can you provide > > directions on how to correct this? Our website is http://irri.org > > This is typical behaviour for a new CRS install, which blocks > what seem to be legitimate requests as false positives. > > If you want to continue in blocking mode, you need to tune the system. > Which means you need to get rid of the false positives, by > writing ModSec rules telling the engine to circumvent the said > offending rules. > > Google for ModSecurity tuning and false positives. > > And good luck! > > Christian > > > -- > First you make it, then it works, then you invite people to > make it better. > -- Eben Moglen, Free Software Foundation > -- *T. Kenneth S. Lojo* Specialist-Online Media Design [image: IRRI] <http://irri.org/> +63 2 580 5600 ext. 2703/2744 +63 928 209 1191 (mobile) t.l...@irri.org <g.lav...@irri.org> www.irri.org [image: Facebook] <http://www.facebook.com/IRRI.ricenews> [image: Twitter] <http://twitter.com/RiceResearch> [image: Flickr] <http://www.flickr.com/photos/ricephotos/collections/> [image: Youtube] <http://www.youtube.com/user/irrivideo/featured> [image: Scribd] <http://www.scribd.com/IRRI_resources> [image: Linkedin] <http://www.linkedin.com/company/international-rice-research-institute> [image: Soundcloud] <https://soundcloud.com/irri-radio> [image: Google+] <https://plus.google.com/103972671963502739315> The International Rice Research Institute <http://irri.org> is a member of the CGIAR <http://www.cgiar.org/> -- The International Rice Research Institute <http://irri.org> is a member of the CGIAR <http://cgiar.org> consortium
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
