Here's what I am running:
WHM 11.11.0 cPanel 11.15.0-R18373
REDHAT 5.1 i686 on standard - WHM X v3.1.0
Also using Apache 2.2
ISSUE: If you switch on/install the cPanel mod_security ruleset, this particular rule will make it impossible for anyone to manage their e-lists (MailMan) as access to the e-list admin page incurs the 406 error:
# Restrict file extension
# removed exe so that frontpage will work
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|$
"t:urlDecodeUni, t:lowercase, deny,log,auditlog,msg:'URL file extension is restricted by policy', severity:'2',id:'960035'"
-----------
Here's the error that was being hit because of this (I changed listed IP and some other info):
[Tue Dec 11 11:16:32 2007] [error] [client 11.11.11.11] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht[rw]|xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [hostname "domain.com"] [uri "/mailman/dirname/listname_domain.com"] [unique_id "39Mjw8-a8MIAADDjDfoAAAAE"]
-----------
Because there are several disallowed extensions in this particular rule, I have not been able to discover exactly which part of this rule is in conflict, so I had to comment out the entire rule.
Questions:
-- How could cPanel have missed this conflict with their own cPanel e-list utility?
and
-- Is there any way of discovering which part of this rule is being violated?
Thanks.
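Added example, not part of the original post: one way to answer the second question offline is to split the pattern into its top-level branches and test each one against the request's basename. It uses only the branches readable in the log line above (the logged pattern is truncated after `ht[rw]|xs ...`, so that tail is omitted), assumes the two spots where the forum dropped `:o` read `c(?:o(` and `res(?:ources`, and uses Python's `re` as a stand-in for ModSecurity's PCRE; the function names are illustrative.

```python
import re
from urllib.parse import unquote

# Branches readable in the 960035 log line on this page. The truncated tail
# ("xs ...") is left out; ":o" is restored in two places (assumption).
VISIBLE_BODY = (
    r"c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)"
    r"|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)"
    r"|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)"
    r"|l(?:icx|nk|og)|\w{,5}~|webinfo|ht[rw]"
)

def split_top_level(body):
    """Split a regex body on '|' that is not nested in (...) or [...]."""
    parts, cur, depth, in_class, escaped = [], [], 0, False, False
    for ch in body:
        if escaped:                 # character after a backslash: keep as-is
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_class:              # inside [...]: only ']' is special here
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "|" and depth == 0:
            parts.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    parts.append("".join(cur))
    return parts

def basename(uri):
    # Approximates REQUEST_BASENAME after t:urlDecodeUni,t:lowercase.
    return unquote(uri.split("?", 1)[0].rsplit("/", 1)[-1]).lower()

def blame(uri):
    """Return (branch, matched_text) for every visible branch that hits uri."""
    name, hits = basename(uri), []
    for alt in split_top_level(VISIBLE_BODY):
        m = re.search(r"\.(?:" + alt + r")$", name)
        if m:
            hits.append((alt, m.group(0)))
    return hits

if __name__ == "__main__":
    print(blame("/mailman/dirname/listname_domain.com"))
```

For the URI in the log, the only branch that matches is the `c(...)` group, on `.com`: the basename `listname_domain.com` ends in an extension the rule denies.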