Security issues

[jangatzke]

I have protected Koillection with an Apache2 reverse proxy. I needed to configure a lot of exceptions to make it work. The following ModSecurity IDs need to be skipped:

981173
960015
973338
981231
981172

Log examples:

ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:REMEMBERME. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "157"] [id "981172"]

ModSecurity: Warning. Pattern match "(?i)((?:=|U\\\\s*R\\\\s*L\\\\s*\\\\()\\\\s*[^>]*\\\\s*S\\\\s*C\\\\s*R\\\\s*I\\\\s*P\\\\s*T\\\\s*:|&colon;|[\\\\s\\\\S]allowscriptaccess[\\\\s\\\\S]|[\\\\s\\\\S]src[\\\\s\\\\S]|[\\\\s\\\\S]data:text\\\\/html[\\\\s\\\\S]|[\\\\s\\\\S]xlink:href[\\\\s\\\\S]|[\\\\s\\\\S]base64[\\\\s\\\\S]|[\\\\s\\\\S]xmlns[\\\\s\\\\S]|[\\\\s\\\\S]xht ..." at ARGS:collection[file]. [file "/usr/apache/conf/waf/modsecurity_crs_xss_attacks.conf"] [line "28"] [id "973338"]

ModSecurity: Warning. Pattern match "(?i)((?:=|U\\\\s*R\\\\s*L\\\\s*\\\\()\\\\s*[^>]*\\\\s*S\\\\s*C\\\\s*R\\\\s*I\\\\s*P\\\\s*T\\\\s*:|&colon;|[\\\\s\\\\S]allowscriptaccess[\\\\s\\\\S]|[\\\\s\\\\S]src[\\\\s\\\\S]|[\\\\s\\\\S]data:text\\\\/html[\\\\s\\\\S]|[\\\\s\\\\S]xlink:href[\\\\s\\\\S]|[\\\\s\\\\S]base64[\\\\s\\\\S]|[\\\\s\\\\S]xmlns[\\\\s\\\\S]|[\\\\s\\\\S]xht ..." at ARGS:collection[file]. [file "/usr/apache/conf/waf/modsecurity_crs_xss_attacks.conf"] [line "28"] [id "973338"]

ModSecurity: Warning. Pattern match "(asfunction|javascript|vbscript|data|mocha|livescript):" at ARGS:collection[file]. [file "/usr/apache/conf/waf/modsecurity_crs_xss_attacks.conf"] [line "351"] [id "973305"] [rev "2"] [msg "XSS Attack Detected"]