ModSec causando erro 403 no site

PXL · 22 de maio de 2023

Criei uma aplicação laravel e fiz o deploy da mesma, depois de um tempo testando comecei a receber o erro 403 no site inteiro, impossibilitando o uso, buscando a fundo descobri que foi bloqueio do Mod Security, quando desativo o site volta a funcionar, o problema é que não entendo tanto dessa parte de segurança de servidores e queria saber como posso resolver esse problema, os dois principais erros que aparecem no site são esses:

Citação

[:error] [pid 30958:tid 140424601618176] [client 45.183.32.80:52624] [client 45.183.32.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at REQUEST_COOKIES:XSRF-TOKEN. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: V0xCb1 found within REQUEST_COOKIES:XSRF-TOKEN: eyJpdiI6IkhLWmJyQWxwU3huNmQyV0xCb1ZNNUE9PSIsInZhbHVlIjoiOU5kMEVjSWFVbS9WUG8zOGpOcy93M2IyWmdrenlFWHdFRm5lRWZsQ3RPWG1Ec3FubjRGdGp3TzJzV0pRQVg4U0dFd2pXL2VkYUt6MzhTMFJxNXI5K2JuWDVaUVJKcFhRVkdYMnRVUnQxVmZpeXhXVEpIeGQzdWFVaDlXZ0NlYm0iLCJtYWMiOiJhYTJmOGI5NTcwZDNkYThhODFmNzRjMDVmYzM2ZmVlNDVhOWI1ODNiNjg4ZjQwOTIxYjIzMDViYWYyNzhmOThlIiwidGFnIjoiIn0="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "app.pxlsolutions.com.br"] [uri "/generate"] [unique_id "ZGis2nRAiH4VmWqDgYdYYwAAAJA"], referer: https://app.pxlsolutions.com.br/dashboard

Citação

[:error] [pid 30957:tid 140424677152512] [client 45.183.32.80:52115] [client 45.183.32.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at REQUEST_COOKIES:laravel_session. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: d0x2d2d found within REQUEST_COOKIES:laravel_session: eyJpdiI6IjFCKzJOU2dmeE1nMWg2QnlvUDZqdlE9PSIsInZhbHVlIjoiRWt0YjN1VU15a0hBalVBQWhCYkV2U0J2TVFTaFRZbE9Ed0x2d2dJOFhNTVlrNmR2V3Z0RHJQOS91dFhROGtWM2Yra1VFYUVuaExEdzY5WkJxbHcrM1JlVkVhdnRqVEV5VmVXL0JkQkZUajlUTm04SFRZdFBENGhSdndYZ3JIMTkiLCJtYWMiOiJkZGM1NTI1NjljZWU3NzM0YTgyZWI4MDg2NmI0ODE3ODdjMDQ1MjFlZGJhNjcyZDY2MGRkMGIwOTY0YzdmZTU3IiwidGFnIjoiIn0="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "app.pxlsolutions.com.br"] [uri "/"] [unique_id "ZGip-IbTYcMgMszQobbBWAAAAEc"]

O aplicativo é laravel na versão mais recente com o React/Inertia.