After upgrade ispconfig to 3.1.11 the website add function in API not work anymore. After read the log, i found this: [INTERFACE]: PHP IDS Alert.Total impact: 54<br/> Affected tags: xss, csrf, dt, id, lfi, rfe, sqli<br/> <br/> Variable: POST.{"session_id":"(hidden)","client_id":"282","params":{"server_id":"5","http_port":80,"https_port":443,"ip_address":"*","ipv6_address":"","domain":"(hidden)","type":"vhost","parent_domain_id":0,"vhost_type":"name","hd_quota":-1,"traffic_quota":-1,"cgi":"n","ssi":"n","suexec":"y","errordocs":1,"is_subdomainwww":1,"subdomain":"www","php":"php-fpm","perl":"n","ruby":"n","python":"n","redirect_type":"","redirect_path":"","seo_redirect":"","rewrite_rules":"","ssl":"y","ssl_letsencrypt":"n","ssl_state":"","ssl_locality":"","ssl_organisation":"","ssl_organisation_unit":"","ssl_country":"","ssl_domain":"(hidden)","ssl_request":"-----BEGIN_CERTIFICATE_REQUEST-----(hidden)1Mw | Value: =n-----END CERTIFICATE REQUEST-----","ssl_cert":"-----BEGIN CERTIFICATE-----(hidden)n-----END CERTIFICATE-----","ssl_bundle":"-----BEGIN CERTIFICATE-----(hidden)-----n-----BEGIN CERTIFICATE-----(hidden) n-----END CERTIFICATE-----","ssl_action":"save","stats_password":"","stats_type":"","allow_override":"All","apache_directives":"","php_open_basedir":"/","custom_php_ini":"session.save_handler = redisnsession.save_path = "tcp://127.0.0.1:6379"","backup_interval":"none","backup_copies":1,"backup_excludes":"","active":"y","traffic_quota_lock":"n","php_fpm_use_socket":"y","pm":"dynamic","pm_max_children":10,"pm_start_servers":2,"pm_min_spare_servers":1,"pm_max_spare_servers":5,"pm_max_requests":0,"pm_process_idle_timeout":10,"log_retention":30,"added_date":"2018-02-14 17:24:01","ssl_key":"-----BEGIN RSA PRIVATE KEY-----(hidden)-----END RSA PRIVATE KEY-----","added_by":"CPL API"}}<br/> Impact: 54 | Tags: xss, csrf, dt, id, lfi, rfe, sqli<br/> Description: Finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID 2<br/> Description: Detects basic directory traversal | Tags: dt, id, lfi | ID 10<br/> Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID 23<br/> Description: Detects data: URL injections, VBS injections and common URI schemes | Tags: xss, rfe | ID 27<br/> Description: Detects common comment types | Tags: xss, csrf, id | ID 35<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 1/3 | Tags: sqli, id, lfi | ID 44<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID 46<br/> Description: Detects MySQL comment-/space-obfuscated injections and backtick termination | Tags: sqli, id | ID 57<br/> <br/> I can be do something to fix? Regards,
Update to git-stable (not git-master), the issue is fixed there. Or you turn of the IDS completely for anon and user in /usr/local/ispconfig/security/security_settings.ini until ISPConfig 3.1.12 get's released.