Title: AMP Plugin Triggering ModSecurity Hits
Last modified: February 10, 2018

---

# AMP Plugin Triggering ModSecurity Hits

 *  Resolved [fidosysop](https://wordpress.org/support/users/fidosysop/)
 * (@fidosysop)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/amp-plugin-triggering-modsecurity-hits/)
 * Noticing ModSecurity hits in my WHM / cPanel v68.0.28
 * 930110 Path Traversal Attack
    Request: GET /wp-content/plugins/amp/assets/css/’../
   images/amp-icon.svg’ Action Description: Warning. Justification: Matched phrase“../”
   at REQUEST_URI.
 * Any suggestions?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Weston Ruter](https://wordpress.org/support/users/westonruter/)
 * (@westonruter)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/amp-plugin-triggering-modsecurity-hits/#post-9967280)
 * Here is the code in question that is triggering that:
 * [https://github.com/Automattic/amp-wp/blob/0.6.1/assets/css/amp-post-meta-box.css#L27-L38](https://github.com/Automattic/amp-wp/blob/0.6.1/assets/css/amp-post-meta-box.css#L27-L38)
 * I’m not sure what can be done since it needs to locate assets that are relative
   to where the stylesheet is. When I look at the request being made by Chrome it
   resolves the relative path to be: /wp-content/plugins/amp/assets/images/amp-icon.
   svg
 * Does ModSecurity indicate the user agent that was making the request. I don’t
   see why ModSecurity is reporting that as an error.
 *  Thread Starter [fidosysop](https://wordpress.org/support/users/fidosysop/)
 * (@fidosysop)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/amp-plugin-triggering-modsecurity-hits/#post-9970237)
 * Don’t know much about ModSec.. However it’s only effecting my IP when I’m logged
   in. Maybe a WordPress toolbar incompatibility somehow?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘AMP Plugin Triggering ModSecurity Hits’ is closed to new replies.

 * ![](https://ps.w.org/amp/assets/icon.svg?rev=2527602)
 * [AMP](https://wordpress.org/plugins/amp/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/amp/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/amp/)
 * [Active Topics](https://wordpress.org/support/plugin/amp/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/amp/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/amp/reviews/)

## Tags

 * [modsecurity](https://wordpress.org/support/topic-tag/modsecurity/)

 * 2 replies
 * 2 participants
 * Last reply from: [fidosysop](https://wordpress.org/support/users/fidosysop/)
 * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/amp-plugin-triggering-modsecurity-hits/#post-9970237)
 * Status: resolved