2013-06-05, 23:22:30
You can try something like this in your .htaccess to confirm.
Mod_sec will block XSS attacks by detecting POSTs and GETs containing the same code or data, indicating a successful reflected XSS attack. Unfortunately this is exactly what we want to happen in a CMS. If you are posting to a page that clearly exists and you get a 403, then something is blocking it. Check your headers, but usually it is specifically made to be undetectable for real attackers. So your access and error logs will show Apache blocking it.
Code:
# insert your ip
SetEnvIf Remote_Addr ^XXX\.XXX\.XXX\.XXX$ MODSEC_ENABLE=Off
SetEnvIf Request_Method !^POST$ MODSEC_ENABLE=On