[Solved] 403 Error with 4.1.5

[sysmesh]

Thanks. Realizing it may sounds like a silly question but any hints to the location of the rules config file on the server?

 

[NiteWave]

the rule can be found through
lsws admin console->Configuration->Server->
Request Filter->XSS attack->just disable it

restart lsws. see if the issue gone.

 

[sysmesh]

That did the trick! Thank you so much.

 

[clarocque]

Why?

OK after reading this thread I was able to stop the 403 error...

But how come I have to remove these rules in any version after 4.1.1?

SecFilterSelective ARGS "(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)"

SecFilterSelective ARGS "<(applet|div|embed|iframe|img|meta|object|script|textarea)"

When the same exact script & data is OK in 4.1.1?

 

[webizen]

the rulesets may not work well with 4.1.1 and prior as modsec support is improving.