starred/bunkerweb-templates
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb-templates.git synced 2026-04-24 20:05:49 +03:00
Code Issues 1 Projects Releases 4 Packages Wiki Activity

[GH-ISSUE #6] [BUG] Jellyfin Modsec false positive #2

New issue
Closed
opened 2026-03-02 03:02:28 +03:00 by kerem · 1 comment
kerem commented 2026-03-02 03:02:28 +03:00
Owner
Copy link

Originally created by @Streetlamp123 on GitHub (Feb 13, 2026).
Original GitHub issue: https://github.com/bunkerity/bunkerweb-templates/issues/6

Originally assigned to: @YouKyi, @TheophileDiot on GitHub.

What happened?

I've been getting this error recently while using the jellyfin template:

ModSecurity: Warning. Matched "Operator PmFromFile' with parameter restricted-files.data' against variable REQUEST_FILENAME' (Value: /web/node_modules.history.bundle.js' ) [file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "126"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: .history found within REQUEST_FILENAME: /web/node_modules.history.bundle.js"] [severity "2"] [ver "OWASP_CRS/4.23.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "jellyfin.example.com"] [uri "/web/node_modules.history.bundle.js"] [unique_id "177099858289.253829"] [ref "o17,8v4,35t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"]

I've added this exception to the template but am still seeing the issue. Not sure what I'm doing wrong. I'm not well versed with Modsec rules unfortunately

SecRule REQUEST_FILENAME "/web/node_modules.history.bundle.js"
"id:930130,
nolog,
ctl:ruleRemoveById=930130,
ctl:ruleRemoveById=949110"

How to reproduce?

Use the jellyfin template, setup a jellyfin instance and attempt to go to the main page

Template name(s)

Jellyfin

How is the template imported?

  • Plugin bundle
  • Web UI upload
  • Other (explain in Additional context)

BunkerWeb version

1.6.8

What integration are you using?

All-in-one

Configuration file(s) or overrides

Relevant log output

ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `restricted-files.data' against variable `REQUEST_FILENAME' (Value: `/web/node_modules.history.bundle.js' ) [file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "126"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: .history found within REQUEST_FILENAME: /web/node_modules.history.bundle.js"] [severity "2"] [ver "OWASP_CRS/4.23.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "jellyfin.example.com"] [uri "/web/node_modules.history.bundle.js"] [unique_id "177099858289.253829"] [ref "o17,8v4,35t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"]

Additional context

No response

Removed private data

  • I removed all private data from configs and logs.

Code of Conduct

  • I agree to follow this project's Code of Conduct.
Originally created by @Streetlamp123 on GitHub (Feb 13, 2026). Original GitHub issue: https://github.com/bunkerity/bunkerweb-templates/issues/6 Originally assigned to: @YouKyi, @TheophileDiot on GitHub. ### What happened? I've been getting this error recently while using the jellyfin template: ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `restricted-files.data' against variable `REQUEST_FILENAME' (Value: `/web/node_modules.history.bundle.js' ) [file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "126"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: .history found within REQUEST_FILENAME: /web/node_modules.history.bundle.js"] [severity "2"] [ver "OWASP_CRS/4.23.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "jellyfin.example.com"] [uri "/web/node_modules.history.bundle.js"] [unique_id "177099858289.253829"] [ref "o17,8v4,35t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"] I've added this exception to the template but am still seeing the issue. Not sure what I'm doing wrong. I'm not well versed with Modsec rules unfortunately SecRule REQUEST_FILENAME "/web/node_modules.history.bundle.js" \ "id:930130,\ nolog,\ ctl:ruleRemoveById=930130,\ ctl:ruleRemoveById=949110" ### How to reproduce? Use the jellyfin template, setup a jellyfin instance and attempt to go to the main page ### Template name(s) Jellyfin ### How is the template imported? - [ ] Plugin bundle - [x] Web UI upload - [ ] Other (explain in Additional context) ### BunkerWeb version 1.6.8 ### What integration are you using? All-in-one ### Configuration file(s) or overrides ```text ``` ### Relevant log output ```shell ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `restricted-files.data' against variable `REQUEST_FILENAME' (Value: `/web/node_modules.history.bundle.js' ) [file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "126"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: .history found within REQUEST_FILENAME: /web/node_modules.history.bundle.js"] [severity "2"] [ver "OWASP_CRS/4.23.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "jellyfin.example.com"] [uri "/web/node_modules.history.bundle.js"] [unique_id "177099858289.253829"] [ref "o17,8v4,35t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"] ``` ### Additional context _No response_ ### Removed private data - [x] I removed all private data from configs and logs. ### Code of Conduct - [x] I agree to follow this project's Code of Conduct.
kerem 2026-03-02 03:02:28 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-03-02 03:02:29 +03:00
Author
Owner
Copy link

@blathers123 commented on GitHub (Feb 20, 2026):

Thanks @TheophileDiot !!

<!-- gh-comment-id:3935565069 --> @blathers123 commented on GitHub (Feb 20, 2026): Thanks @TheophileDiot !!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
dependabot/github_actions/dev/softprops/action-gh-release-3.0.0
dependabot/github_actions/dev/softprops/action-gh-release-2.6.1
dependabot/github_actions/dev/softprops/action-gh-release-2.5.0
dependabot/github_actions/dev/actions/checkout-6.0.2
dependabot/github_actions/actions/checkout-6.0.2
dependabot/github_actions/actions/checkout-6.0.1
dependabot/github_actions/softprops/action-gh-release-2.5.0
dependabot/github_actions/actions/checkout-6.0.0
dependabot/github_actions/softprops/action-gh-release-2.4.2
0.4
dev
0.3
0.2
v0.1
Labels
Clear labels   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/bunkerweb-templates#2
No description provided.