Our host is alerting us to some issues with mod_sec on our Linux server.
These errors appear to be coming from our Auth0 integration. Is there a setting we may have wrong in our Auth0 dashboard tenant?
[Wed Oct 12 09:17:09.733063 2022] [:error] [pid 49300:tid 47073895634688] [client 71.187.57.80:54359] [client 71.187.57.80] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/etc/apache2/conf.d/modsec2/10_asl_rules.conf"] [line "486"] [id "340162"] [rev "290"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)"] [data "klone-prod.us.auth0.com/"] [severity "CRITICAL"] [hostname "klone.kloneu.com"] [uri "/"] [unique_id "Y0a-Vaar0p-xcOND7pCQiQAAANU"]
[Wed Oct 12 10:17:13.595761 2022] [:error] [pid 49300:tid 47073899837184] [client 50.226.60.148:63575] [client 50.226.60.148] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/etc/apache2/conf.d/modsec2/10_asl_rules.conf"] [line "486"] [id "340162"] [rev "290"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)"] [data "klone-prod.us.auth0.com/"] [severity "CRITICAL"] [hostname "klone.kloneu.com"] [uri "/"] [unique_id "Y0bMaaar0p-xcOND7pCdWwAAANc"]
[Wed Oct 12 11:38:31.541537 2022] [:error] [pid 2987:tid 47074018133760] [client 172.58.164.51:1158] [client 172.58.164.51] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/etc/apache2/conf.d/modsec2/10_asl_rules.conf"] [line "486"] [id "340162"] [rev "290"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)"] [data "dev-zez17z9k.us.auth0.com/"] [severity "CRITICAL"] [hostname "klone.inthooz.com"] [uri "/"] [unique_id "Y0bfd4rda8b8KTsvbwU2GAAAAK8"], referer: https://accounts.google.com/