I just migrated my website to a new server using Plesk.
The firewall (ModSecurity) is enabled by default on Plesk. But looking at the log, I found this message repeated several times:
ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points.
[file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded|
Total Points: 4|www.domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.domain.com"] [uri "/index.php"] [unique_id "XomsYjNLwpIAAEgBVSMAAAAA"]
Could someone explain what that means and how to fix it?
2 Answers
Paste the ID [id "214940"] into the Plesk whitelist. This should fix your issue. Also, this is just an informational message, but I believe the rule is looking for malicious iFrames: "Possibly malicious iframe tag in output". This rule is causing that output on my server.
You will want to look for an entry with the letter H after the event ID (in our example, eece5138-H–). This entry contains the ID and description of the security rule triggered while checking the HTTP request.
I’ve got the same issue on self-hosted ownCloud. I put the rule IDs found in the log (modsec_audit.log) into the Plesk domain configuration (Web Application Firewall). Without excluding these rules, Apache/nginx crashes after every file upload to ownCloud.
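Before adding rule IDs to the exclusion list, it helps to see which rules fire on which URIs and how often. The following is an added example, not part of the original thread or of Plesk: it parses the bracketed fields of warning lines like the one in the question and tallies hits per rule ID and URI. The sample lines are constructed from the question's log entry (rejoined onto one line); the second URI and the placeholder unique IDs are assumptions.

```python
import re
from collections import Counter

# Matches the bracketed [key "value"] fields ModSecurity appends to a warning.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def _sample(uri, unique_id):
    """Constructed log line modelled on the warning quoted in the question."""
    return ('ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. '
            '[file "/etc/apache2/modsecurity.d/rules/comodo_free/'
            '20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] '
            '[msg "COMODO WAF: Outbound Points Exceeded|Total Points: 4|'
            'www.domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] '
            '[tag "FiltersEnd"] [hostname "www.domain.com"] '
            f'[uri "{uri}"] [unique_id "{unique_id}"]')

SAMPLE_LOG = [
    _sample("/index.php", "XomsYjNLwpIAAEgBVSMAAAAA"),   # value from the question
    _sample("/index.php", "CONSTRUCTED-ID-0002"),        # constructed
    _sample("/contact.php", "CONSTRUCTED-ID-0003"),      # constructed URI
    "AH00094: Command line: '/usr/sbin/apache2'",        # unrelated line, skipped
]

def parse_modsec_line(line):
    """Return the [key "value"] fields as a dict, or None for other log lines."""
    if "ModSecurity:" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, []).append(value)
    # "tag" can repeat; every other key is expected once, so flatten it.
    return {k: (v if k == "tag" else v[0]) for k, v in fields.items()}

def summarize(lines):
    """Count hits per (rule id, uri) and keep each rule's message for review."""
    hits, messages = Counter(), {}
    for line in lines:
        rec = parse_modsec_line(line)
        if not rec or "id" not in rec:
            continue
        hits[(rec["id"], rec.get("uri", "-"))] += 1
        messages[rec["id"]] = rec.get("msg", "")
    return hits, messages

if __name__ == "__main__":
    hits, messages = summarize(SAMPLE_LOG)
    for (rule_id, uri), count in hits.most_common():
        print(f"{count:4d}  id={rule_id}  uri={uri}  {messages[rule_id]}")
```

A rule that fires on only one or two URIs can be investigated at those pages first, rather than being excluded for the whole domain.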