ISPConfig Protocol full of PHP IDS alerts

Discussion in 'General' started by Hbod, Mar 7, 2018.

  1. Hbod

    Hbod Member


    when I save some custom email filters inside the ispconfig backend, I receive a ton of red warning alerts in my log as my "filters" are treaded as malicious. It looks like it did not affect the saving but the log.

    [INTERFACE]: PHP IDS Alert.Total impact: 27<br/> Affected tags: xss, csrf, id, rfe, sqli, lfi<br/> <br/> Variable: POST.custom_mailfilter | Value:

    As I tried a lot and saved like 40 times, I had 40 entries. Should't custom mailfilter we excluded from those checks?

    require [&quot;fileinto&quot;, &quot;regex&quot;]; if header :contains &quot;subject&quot; [&quot;Rechnung&quot;, &quot;Receipt&quot;, &quot;Beleg&quot;, &quot;Invoice&quot;, &quot;Quittung&quot;] { fileinto &quot;2018&quot;; redirect
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, we might have to exclude that if it causes too many issues in that form part. You can set the score in security_settings.ini to a higher value so that the IDS does not get triggered.

Share This Page