Hello,
I have a very strange problem which I am having no success debugging. I’m using a Cpanel/WHM server setup with several different web sites and frameworks (Wordpress, Yii2, etc.)
I added a custom Modsec Rule in ModsecTools of apache :
SecRule STREAM_OUTPUT_BODY “@rsub s/<\/html>/<a href=\“http:\/\/\”><\/a><\/html>/” “id:‘999001’,phase:4,t:none,nolog,pass”
this rule cause an injection of <a href=""></a> just above the closing </html> tag of any page served up by Apache.
After enabling the rule, I checked that indeed the <a href=""></a> tag is injected just above the closing </html> tag of all other pages (ie. on any Wordpress sites we are hosting on this server etc). The only application that does not load properly is the Yii2 application. Basically, any page you go to on the Yii2 application just shows a blank page with no errors. [Note. I am in Debug mode for the Yii2 application here and development environment:
define(‘YII_DEBUG’, true);
define(‘YII_ENV’, ‘dev’);
Disabling the rule in Modsec causes all pages to be rendered properly. Hence, the issue must be in the modsec rule + Yii2 framework interaction.
I have scanned all apache and server log files, including all the error_log files and debug folders of the yii application and there are no errors generated. Nor do any show when loading the page since it just comes back blank.
Could someone please help me out? Does Yii2 framework have a bug when STREAM_OUTPUT_BODY rule of ModSecurity is used to inject some content ?
Thank you for your time.