ModSecurity 403，COMODO WAF 在尝试访问 phpMyAdmin 时检测到 XSS

我在其中一个服务器的子域“pma”中有一个 phpMyAdmin 副本，位于其中一个名为“app”的目录中（手动从 zip 存档安装，而不是通过 yum 安装），我将其用于数据库相关管理，几个月来运行良好。几天前，当我尝试登录时，我的本地 IP 被阻止，经过大量挖掘后，我在 /var/log/apache2/error_log 中找到以下日志（出于显而易见的原因，我用 <PLACEHOLDER_TEXT> 替换了我的本地 IP 和服务器域）

[Fri Jan 07 11:37:54.198143 2022] [:error] [pid 60361] [client <IP_ADDRESS>:60532] [client <IP_ADDRESS>] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\x22'\\\\/`]on[a-z]{1,}?\\\\/{0,}=" at REQUEST_COOKIES:pmaAuth-1. [file "/var/cpanel/cwaf/rules/07_XSS_XSS.conf"] [line "162"] [id "212760"] [rev "2"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||www.pma.<DOMAIN_NAME>|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.pma.<DOMAIN_NAME>"] [uri "/app/themes/pmahomme/img/ajax_clock_small.gif"] [unique_id "Yde1ktSwsuOu5OLfWtOp8QAAAAA"], referer: http://www.pma.<DOMAIN_NAME>/app/themes/pmahomme/css/theme.css?v=5.1.1&nocache=1161605458ltr&server=1
[Fri Jan 07 11:37:54.198701 2022] [:error] [pid 60364] [client <IP_ADDRESS>:60535] [client <IP_ADDRESS>] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\x22'\\\\/`]on[a-z]{1,}?\\\\/{0,}=" at REQUEST_COOKIES:pmaAuth-1. [file "/var/cpanel/cwaf/rules/07_XSS_XSS.conf"] [line "162"] [id "212760"] [rev "2"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||www.pma.<DOMAIN_NAME>|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.pma.<DOMAIN_NAME>"] [uri "/app/index.php"] [unique_id "Yde1kjnCs4t3VK1sKGhIPAAAAAE"]
[Fri Jan 07 11:37:54.215776 2022] [core:error] [pid 60361] [client <IP_ADDRESS>:60532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.pma.<DOMAIN_NAME>/app/themes/pmahomme/css/theme.css?v=5.1.1&nocache=1161605458ltr&server=1
[Fri Jan 07 11:37:54.235059 2022] [core:error] [pid 60364] [client <IP_ADDRESS>:60535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Fri Jan 07 11:37:54.238782 2022] [:error] [pid 60364] [client <IP_ADDRESS>:60535] [client <IP_ADDRESS>] ModSecurity: Audit log: Failed to lock global mutex: Permission denied [hostname "www.pma.<DOMAIN_NAME>"] [uri "/home/<USER_NAME>/public_html/index.php"] [unique_id "Yde1kjnCs4t3VK1sKGhIPAAAAAE"]
[Fri Jan 07 11:37:54.238830 2022] [:error] [pid 60361] [client <IP_ADDRESS>:60532] [client <IP_ADDRESS>] ModSecurity: Audit log: Failed to lock global mutex: Permission denied [hostname "www.pma.<DOMAIN_NAME>"] [uri "/home/<USER_NAME>/public_html/index.php"] [unique_id "Yde1ktSwsuOu5OLfWtOp8QAAAAA"], referer: http://www.pma.<DOMAIN_NAME>/app/themes/pmahomme/css/theme.css?v=5.1.1&nocache=1161605458ltr&server=1
[Fri Jan 07 11:37:54.244507 2022] [:error] [pid 60364] [client <IP_ADDRESS>:60535] [client <IP_ADDRESS>] ModSecurity: Audit log: Failed to unlock global mutex: Permission denied [hostname "www.pma.<DOMAIN_NAME>"] [uri "/home/<USER_NAME>/public_html/index.php"] [unique_id "Yde1kjnCs4t3VK1sKGhIPAAAAAE"]
[Fri Jan 07 11:37:54.244559 2022] [:error] [pid 60361] [client <IP_ADDRESS>:60532] [client <IP_ADDRESS>] ModSecurity: Audit log: Failed to unlock global mutex: Permission denied [hostname "www.pma.<DOMAIN_NAME>"] [uri "/home/<USER_NAME>/public_html/index.php"] [unique_id "Yde1ktSwsuOu5OLfWtOp8QAAAAA"], referer: http://www.pma.<DOMAIN_NAME>/app/themes/pmahomme/css/theme.css?v=5.1.1&nocache=1161605458ltr&server=1

虽然我熟悉 SSH 和 CLI，但我不是核心服务器管理员，我花了一些时间，并得到了 ISP 和托管服务提供商的帮助，才弄清楚 CSF/LFD 中的 IP 禁止问题，但我正在努力了解实际问题，以便将来可以避免。有人能解释原因吗？谢谢！