It is unfortunate that this occurs with FLEXIcontent, not with K2, ContentBuilder, Cobalt and other.
How is this relevant ?? at all, :shock:
i could make mod_security rules to match any web software as malicious, what would that mean ??? 10 rules to match K2, 10 rules to match ContentBuilder, etc
Maybe I was mis-understood, i ll try to be more detailed bellow
1.
the problem is not with FLEXIcontent
but with a mod_security rule that make a
false positive
2.
the creators of mod_security describes exactly this
3. A FALSE-POSITIVE is when a matching rule
wrongly matches something that was not meant to be matched,
4. Many well know software web or desktop have been matched as virus by mod_security or anti-virus programs, this is the definition of a FALSE-POSITIVE
5. Despite the fact that this is not a FLEXIcontent issue at all , but problem with a --CUSTOM-- mod_security rule installed in server, we are willing to work with you to find what is happening , but to fix what????
guess your custom mod_security rule out of million combinations ? How could that be possible?
6. We install FLEXIcontent on SHARED servers of well-known provider that hosts millions of sites, they do not have the custom mod_security rule that you have.
In short
a. it is the responsibility of the rule maker to make rules that do not create false positives !!
b. despite the above we are willing to look into this,
but please look at the logs to find the rule that was matched and ask your administrator to fix it, also if this rule is important we will try to change FC code so that it will not be matched,
it could be as simple as adding a space into our code that will prevent the rule from being matched, (and if this mod_security rule is important or very common we are willing to do it)
but please tell us the rule that was matched !!
thank you so match for taking time to read the above
Best Regards