Error Id 981001
Sign in Pricing Blog Support Search GitHub This repository Watch 149 Star 719 Fork 261 SpiderLabs/owasp-modsecurity-crs Code Issues 95 Pull requests 10 Projects 0 Pulse Graphs Permalink Branch: master Switch branches/tags Branches Tags gh-pages master owasp-honeypots trunk v3.0.0-dev v3.0.0-rc1 v3.0.0-rc2 Nothing to show v3.0.0-rc1 v2.2.6 v2.2.5 2.2.9 2.2.8 2.2.7 Nothing to show Find file Copy path owasp-modsecurity-crs/base_rules/modsecurity_crs_50_outbound.conf 5a5e432 Feb 18, 2016 dstelter Remove redundant actions from some rules 2 contributors Users who have contributed to this file dstelter 4ft35t Raw Blame History 139 lines (101 sloc) 21.8 KB # --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.2.9 # Copyright (C) 2006-2012 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # # NOTE By default the status code sent is 501, which implies that the web # server does not support the required operation. This is a non standard # of this status code which normally refers to unsupported HTTP methods. # It is used in order to confuse automated clients and scanners. # Zope Information Leakage SecRule RESPONSE_BODY "
Site Error<\/h2>.{0,20}
An error was encountered while publishing this resource\." \ "phase:4,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',t:none,capture,ctl:auditLogParts=+E,block,msg:'Zope Information Leakage',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',id:'970007',tag:'OWASP_CRS/LEAKAGE/ERRORS_ZOPE',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3',setvar:'tx.msg=%{rule.msg}',setvar:tx.outbound_anomaly_score=+%{tx.error_anomaly_score}
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Google Tag Manager include that https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/base_rules/modsecurity_crs_50_outbound.conf passes mod-security rules in Apache up vote 1 down vote favorite I've been looking into using Google Tag Manager on my website, but I've failed at the first hurdle due to the default Google include code being blocked by the mod-security installation on my server: Standard GTM include code: script(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); http://stackoverflow.com/questions/22964411/google-tag-manager-include-that-passes-mod-security-rules-in-apache })(window,document,'script','dataLayer','GTM-XXXXXX'); Response from mod-security: WARNING: Possibly malicious iframe tag in output Message: Outbound Anomaly Score Exceeded (score 15): Possibly malicious iframe tag in output The rules triggered are ids 981000 and 981001. I can understand why mod-security might think an iframe with "display:none;visibility:hidden" could be possibly malicious, and removing the style attribute stops rule 981001 from triggering, but the request still fails because of rule 981000. 981000 seems to have a strong opinion about what the width and height attributes should be, but I've tried setting them to '1' and '10' to no avail :-( Does anyone know how to format an iframe to fit this rule? or how to change the GTM include code so that it doesn't contain the iframe? Thanks PS: I know you can solve this problem by removing the whole noscript area, but I'm looking for a solution that doesn't alter the functionality of the include code. PPS: this is the pattern that rule 981000 is matching, I can understand about half of it before my brain explodes in a cloud of nested capture groups ;-) Pattern match "<\W*iframe[^>]+?\b(?:width|height)\b\W*?=\W*?["']?[^"'1-9]*?(?:(?:20|1?\d(?:\.\d*)?)(?![\d%.])|[0-3](?:\.\d*)?%)" apache iframe google-tag-manager mod-security
NY Published in: ·Newsletter ACM SIGKDD Explorations Newsletter Homepage archive Volume 5 Issue 2, December 2003 http://dl.acm.org/citation.cfm?id=981001 Pages 179-184 ACM New York, NY, USA tableofcontents doi>10.1145/980972.981001 2003 Article https://gcc.gnu.org/bugzilla/show_bug.cgi?id=20554 Bibliometrics ·Downloads (6 Weeks): 4 ·Downloads (12 Months): 34 ·Downloads (cumulative): 696 ·Citation Count: 19 Recent authors with related interests Concepts in this article powered by Concepts inThe myth of the double-blind review?: author identification using only citations Citation Broadly, error id a citation is a reference to a published or unpublished source (not always the original source). More precisely, a citation is an abbreviated alphanumeric expression (e.g. ) embedded in the body of an intellectual work that denotes an entry in the bibliographic references section of the work for the purpose of acknowledging the relevance of error id 981001 the works of others to the topic of discussion at the spot where the citation appears. morefromWikipedia Blind experiment A blind or blinded experiment is a scientific experiment where some of the people involved are prevented from knowing certain information that might lead to conscious or subconscious bias on their part, invalidating the results. For example, when asking consumers to compare the tastes of different brands of a product, the identities of the product should be concealed ¿ otherwise consumers will generally tend to prefer the brand they are familiar with. morefromWikipedia Mythology For other uses, see Myth (disambiguation), Mythology (disambiguation), and Mythos (disambiguation). The term "mythology" can refer either to the study of myths, or to a body or collection of myths (a mythos, e.g. , Inca mythology). In folkloristics, a myth is a sacred narrative usually explaining how the world or humankind came to be in its present form, although, in a very broad sense, the word can r
| Forgot Password Login: [x] User account creation filtered due to spam. Bug20554 - New testsuite fails: error: alias definitions not supported in this configuration Summary: New testsuite fails: error: alias definitions not supported in this configura... Status: RESOLVED FIXED Alias: None Product: gcc Classification: Unclassified Component: testsuite (show other bugs) Version: 4.0.0 Importance: P2 normal Target Milestone: 4.0.0 Assignee: Not yet assigned to anyone URL: Keywords: Depends on: Blocks: Reported: 2005-03-19 15:22 UTC by John David Anglin Modified: 2005-07-23 22:49 UTC (History) CC List: 2 users (show) christian.joensson gcc-bugs See Also: Host: hppa2.0w-hp-hpux11.11 Target: hppa2.0w-hp-hpux11.11 Build: hppa2.0w-hp-hpux11.11 Known to work: Known to fail: Last reconfirmed: Attachments Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug. Description John David Anglin 2005-03-19 15:22:56 UTC FAIL: gcc.c-torture/compile/20011119-1.c -O0 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-1.c -O1 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-1.c -O2 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-1.c -O3 -fomit-frame-pointer (test for ex cess errors) FAIL: gcc.c-torture/compile/20011119-1.c -O3 -g (test for excess errors) FAIL: gcc.c-torture/compile/20011119-1.c -Os (test for excess errors) FAIL: gcc.c-torture/compile/20011119-2.c -O0 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-2.c -O1 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-2.c -O2 (test for excess errors) FAIL: gcc.c-torture/compile/20011119-2.c -O3 -fomit-frame-pointer (test for ex cess errors) FAIL: gcc.c-torture/compile/20011119-2.c -O3 -g (test for excess errors) FAIL: gcc.c-torture/compile/20011119-2.c -Os (test for excess errors) FAIL