Victor Font Staff asked 6 months ago
After upgrading my dedicated server a few weeks ago, Formidable Forms began failing when adding custom code to forms and views.
The root cause is false ModSecurity positives for XSS scripting violations. I reported this to Strategy 11 and had a cybersecurity expert examine my analysis. The conclusion is that Formidable Forms remains perfectly safe to use and the false positives are just that, false positives.
If you have a self-managed server, VPS, or are on a shared server and are having issue with the latest OWASP Core Rule Set for ModSecurity, you can get the Formidable Forms Allow Rule Set for OWASP v.3.x on Formidable Masterminds.
Formidable Forms Triggers Multiple False ModSecurity™ Positives
Matt Grimes answered 6 months ago
had this happen too, i just added the ID of the infraction to modsecurity to bypass that rule
Using the infraction ID may be too broad. Disabling a rule disables it everywhere.
Please login or Register to submit your answer
