6/29/2023 0 Comments Comodo modsecurity cpanel![]() If yes, then SuiteCRM should code the login to be hashed and encrypted too. Operating System and version (e.g Ubuntu 16.04): Centos if I understood well, cris001 says that while SugarCRM 6.5 hashes and encrypts the password, SuiteCRM does not so.According to user pgr at SuiteCRM forum, this login + WAF issue is happing more frequently recently. ![]() High: I believe this could be a security issue and also because many SuiteCRM potential users are turned away when they see the login will not work properly. Actual BehaviorĬhange the login code to avoid triggering WAF. Other software work properly with WAF, like Wordpress. Login should work seamlessly without triggering WAF. Tailf /usr/local/apache/logs/error_log Expected Behavior ModSecurity: Access denied with code 403 (phase 2). They supplied me with this from error log: Comodo WAF thinks this is a Blind SQL Injection. On requesting help with my hosting provider, they say the login issue is related to SuiteCRM coding, which is blocked by Comodo WAF. I checked all the preconditions in the server for SuiteCRM to work, they are ok except ZLIB. After the clean instal, login will not work. I made a fresh install of SuiteCRM using Softaculous on WHM (LAMP).
0 Comments
Leave a Reply. |