  1. #1
    Member _xandih's Avatar
    Join Date
    Dec 2005
    Location
    Gaspar - SC - Brazil
    Posts
    96

    Talking Mod_security exception

    Hello guys

    Well, this week my question is...

    I have one domain that has a pretty good helpdesk installed, known as Kayako.
    I have mod_security installed on my server too, but when my customer enters his admin page and wishes to configure some settings, he gets the Forbidden page.
    In the Apache error_logs, I got this message:

    Code:
    [Fri Oct 20 10:47:25 2006] [error] [client 200.146.82.253] mod_security: Access denied with code 403. Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "helpdesk.XXXXXXXXXXX.com.br"] [uri "/admin/index.php"]
    My question is: how do I make an exception for this domain or this page? I don't want to disable it in .htaccess because I have compiled mod_security with --DDISABLE-HTACCESS-CONFIG
    If anyone has a suggestion, I will appreciate it.

    Thank you people!

    Edit: Obviously, I don't want to comment this rule heheheh
    Alexandre Silva Hostert
    Server Management for Brazilians | Gerenciamento de Servidores para Brasileiros
    http://widecombrasil.com.br
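
Added example (not part of the original thread): a short Python check of why the rule in the log above fires on an ordinary admin form, and which fields from the denial line are needed to scope an exception. The POST bodies are constructed; translating `[[:space:]]` to `\s` and matching case-insensitively are assumptions about how the filter evaluates the pattern.

```python
import re

# Denial line from the first post, as posted (hostname already redacted there).
LOG = ('[Fri Oct 20 10:47:25 2006] [error] [client 200.146.82.253] mod_security: '
       'Access denied with code 403. Pattern match '
       '"((alter|create|drop)[[:space:]]+(column|database|procedure|table)|'
       'delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] '
       '[msg "Generic SQL injection protection"] [severity "CRITICAL"] '
       '[hostname "helpdesk.XXXXXXXXXXX.com.br"] [uri "/admin/index.php"]')

def parse_denial(line):
    """Extract what is needed to scope an exception: rule id, host, URI, pattern."""
    fields = dict(re.findall(r'\[(\w+) "([^"]*)"\]', line))
    m = re.search(r'Pattern match "(.*)" at (\w+)', line)
    fields["pattern"], fields["location"] = m.group(1), m.group(2)
    return fields

def to_python_regex(posix_pattern):
    """Python's re has no POSIX classes; [[:space:]] is the only one this rule uses."""
    translated = posix_pattern.replace("[[:space:]]", r"\s")
    # Assumption: the filter matches case-insensitively across the whole body.
    return re.compile(translated, re.IGNORECASE | re.DOTALL)

def matched_text(rule, payload):
    """Return the substring that triggers the rule, or None if the payload passes."""
    m = rule.search(payload)
    return m.group(0) if m else None

# Constructed POST bodies (not taken from the thread).
SAMPLES = {
    "settings form": "action=update&section=settings&timezone=America/Sao_Paulo",
    "ticket view": "action=view&ticket=42",
    "sql keywords": "note=1; drop table tickets",
}

if __name__ == "__main__":
    denial = parse_denial(LOG)
    rule = to_python_regex(denial["pattern"])
    print(denial["id"], denial["hostname"], denial["uri"], denial["location"])
    for name, body in SAMPLES.items():
        print(f"{name:14} -> {matched_text(rule, body)!r}")
```

The constructed settings-form body is caught by the `update.+set.+=` branch alone, since "update" followed later by "settings" and any "=" is enough. That is the kind of false positive a rule-ID exception limited to one URL path is meant to absorb while the rule stays active everywhere else.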

  2. #2
    Member
    Join Date
    Aug 2002
    Posts
    1,120

    Default

    In the VirtualHost entry for this VirtualHost add:

    <IfModule mod_security.c>
    SecFilterRemove 300015
    </IfModule>


    Alternatively you can get even more specific by using a Location block:

    <IfModule mod_security.c>
    <Location /somepath>
    SecFilterRemove 300015
    </Location>
    </IfModule>


    Notice that the ID of the mod_security rule you have is 300015 so you are wanting to remove that from the list for this specific VirtualHost. Restart Apache when you are done.

  3. #3
    Member _xandih's Avatar
    Join Date
    Dec 2005
    Location
    Gaspar - SC - Brazil
    Posts
    96

    Talking

    Quote Originally Posted by sparek-3
    In the VirtualHost entry for this VirtualHost add:

    <IfModule mod_security.c>
    SecFilterRemove 300015
    </IfModule>


    Alternatively you can get even more specific by using a Location block:

    <IfModule mod_security.c>
    <Location /somepath>
    SecFilterRemove 300015
    </Location>
    </IfModule>


    Notice that the ID of the mod_security rule you have is 300015 so you are wanting to remove that from the list for this specific VirtualHost. Restart Apache when you are done.
    Thank you sparek-3

    but I got the same error. I know that the rule is correct, because I saw the correct syntax on the mod_security page, but maybe I have misconfigured something...
    Below is my code:

    Code:
    <IfModule mod_security.c>
    <Location /home/<user>/public_html/helpdesk/admin/ >
    SecFilterRemove 300015
    </Location>
    </IfModule>
    I already tried this variations:

    Code:
    1.
    <Location /home/<user>/public_html/helpdesk/admin>
    
    2.
    <Directory /home/<user>/public_html/helpdesk/admin>
    
    3.
    <Location domain.com.br/helpdesk/admin >
    Well... and now?
    Alexandre Silva Hostert
    Server Management for Brazilians | Gerenciamento de Servidores para Brasileiros
    http://widecombrasil.com.br

  4. #4
    Member
    Join Date
    Aug 2002
    Posts
    1,120

    Default

    With a Location block you want to use the path as seen from the web. If you are wanting to use a file system path then you would need to use a Directory block. I'm sure there are differences between using Location blocks and Directory blocks but they are basically the same, except one is viewed from the web point of view and the other from the file system point of view.

    Alternatively, you can remove that block entirely and see if it fixes it.

    Judging from your examples, I believe you want something like:

    <IfModule mod_security.c>
    <Location /helpdesk/admin>
    SecFilterRemove 300015
    </Location>
    </IfModule>

  5. #5
    Member _xandih's Avatar
    Join Date
    Dec 2005
    Location
    Gaspar - SC - Brazil
    Posts
    96

    Default

    Quote Originally Posted by sparek-3
    Judging from your examples, I believe you want something like:

    <IfModule mod_security.c>
    <Location /helpdesk/admin>
    SecFilterRemove 300015
    </Location>
    </IfModule>

    Yeah, you are right!
    Finally worked

    Thank you very much sparek-3!!!

    This issue is over now hehehe.
    Alexandre Silva Hostert
    Server Management for Brazilians | Gerenciamento de Servidores para Brasileiros
    http://widecombrasil.com.br
