Skip to content

False positive "Possible attack detected" when adding a rule on directive snippet

Summary

ISPConfig flags a false positive "Possible attack detected" when adding a valid Nginx directive to block PHP in WordPress uploads.

Steps to reproduce

  1. Go to System → Directive snippet → My Saved Directive Snippet.
  2. Add:
location ~* ^/wp-content/uploads/.*\.php$ {
    deny all;
}
  1. Save the snippet.

Correct behaviour

ISPConfig should accept the snippet without triggering a security warning.

Environment

Server OS: Ubuntu 24.04.3 ISPConfig: 3.3.0p1 Nginx: 1.29.3 PHP: 8.3

Proposed fix

Allow valid Nginx regex snippets like this in input validation.

Related log entries

Possible attack detected. This action has been logged.