Hi, when I save some custom email filters inside the ISPConfig backend, I receive a ton of red warning alerts in my log as my "filters" are treated as malicious. It looks like it did not affect the saving but the log.

[INTERFACE]: PHP IDS Alert.Total impact: 27<br/> Affected tags: xss, csrf, id, rfe, sqli, lfi<br/> <br/> Variable: POST.custom_mailfilter | Value:

As I tried a lot and saved like 40 times, I had 40 entries. Shouldn't custom mailfilter be excluded from those checks?

...
require ["fileinto", "regex"];
if header :contains "subject" ["Rechnung", "Receipt", "Beleg", "Invoice", "Quittung"] {
    fileinto "2018";
    redirect
Yes, we might have to exclude that if it causes too many issues in that form part. You can set the score in security_settings.ini to a higher value so that the IDS does not get triggered.
It would probably be good to collect verifiably legitimate use that trips the IDS and add those fields to the ids whitelist, so people can leave the IDS enabled. I created a merge request to include a few I've seen on our system.

@Hbod, run
Code:
grep POST.custom_mailfilter /usr/local/ispconfig/interface/temp/ids.log | sort -u
to get the user level ('user' and/or 'admin') and file path, and put that info here or in https://git.ispconfig.org/ispconfig/ispconfig3/merge_requests/762