www.thiswebhost.com	59.167.201.148	211720	[26/Aug/2014:06:23:30 +0100] 
Pattern match "(?i:(?:merge.*?using\\s*?\\()|(execute\\s*?immediate\\s*?[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98])|(?:\\W+\\d*?\\s*?having\\s*?[^\\s\\-])|(?:match\\s*?[\\w(),+-]+\\s*?against\\s*?\\())" at ARGS:subject. [file "/var/cpanel/cwaf/rules/cwaf_02.conf"] [line "390"] [id "211720"] [msg "COMODO WAF: Detects MATCH AGAINST"] [data "Matched Data: having e found within ARGS:subject: Client having email issues"] [severity "CRITICAL"]
[26/Aug/2014:06:23:30 +0100] U-wZ0tRH7RcAAAM-PtoAAAAH 59.167.201.148 58141 212.71.252.134 443
--8653e16f-B--
POST /clients/submitticket.php?step=3 HTTP/1.1
Host: www.thiswebhost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.thiswebhost.com/clients/submitticket.php?step=2&deptid=1
Cookie: pagelimit=99999999; MintUnique=1; MintUniqueLocation=1; __utma=192818159.764250087.1330392512.1380867518.1381049552.57; 
<snipped>
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------2281813131785017696445868082
Content-Length: 1748

--8653e16f-C--
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="token" 

<token snipped>
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="subject" 

Client having email issues 
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="deptid" 

1 
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="relatedservice" 

S1692 
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="urgency" 

High 
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="message" 

<client ticket text snipped>
-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="attachments[]"; filename="" 
Content-Type: application/octet-stream 


-----------------------------2281813131785017696445868082 
Content-Disposition: form-data; name="save" 

Submit 
-----------------------------2281813131785017696445868082-- 

--8653e16f-F--
HTTP/1.1 302 Found
Location: http://www.thiswebhost.com/shared.html
Content-Length: 222
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--8653e16f-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:merge.*?using\\s*?\\()|(execute\\s*?immediate\\s*?[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98])|(?:\\W+\\d*?\\s*?having\\s*?[^\\s\\-])|(?:match\\s*?[\\w(),+-]+\\s*?against\\s*?\\())" at ARGS:subject. [file "/var/cpanel/cwaf/rules/cwaf_02.conf"] [line "390"] [id "211720"] [msg "COMODO WAF: Detects MATCH AGAINST"] [data "Matched Data: having e found within ARGS:subject: Client having email issues"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
Stopwatch: 1409030610089366 12507 (- - -)
Stopwatch2: 1409030610089366 12507; combined=2389, p1=390, p2=1771, p3=0, p4=0, p5=126, sr=133, sw=102, l=0, gc=0
Producer: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/); COMODO WAF: rules for Apache 2.4.
Server: Apache
Engine-Mode: "ENABLED"