This is a dangerous rule. I just found this in my error_log:

client 66.249.71.99] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith http:/%{SERVER_NAME}/" against "MATCHED_VAR" required. [file "/usr/local/apache/conf/gotroot/10_asl_rules.conf"] [line "486"] [id "340162"] [rev "244"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data "http:/"] [severity "CRITICAL"] [uri "/page/339"] [unique_id "Tjzbp0VJrPIAAAb2LH4AAAAY"]

I looked up 66.249.71.99 and it's Google!

Please advise how to make sure your rules won't block Google


Thanks
Oliver

Thank you the report, we are sorry to hear that you have run into a false positive but do appreciate you reporting it to us. We will get this resolved for you quickly.

To help us to determine the cause of this problem, we need a little more information. Although you have provided use with Apache error logs, this does not provide us with any of the information we need to help you with this problem. We require the modsecurity audit records for each event, as explained in the sticky forum post at the top of this forum:

viewtopic.php?f=14&t=4573

That post links to the procedure we have documented to help you provide this information to us, here is a link to it again:

https://www.atomicorp.com/wiki/index.ph ... _Positives

If you could kindly follow that procedure and send us the information described there, we can get a fix for your issue out to you quickly.

Thank you in advance.