The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod Security blocking mailman lists

Discussion in 'Security' started by webicom, Nov 24, 2008.

  1. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Hello,

    Im not expert for Mod security rules so I would like to ask some of you to help me. Im using Apache 2.0.63 and cpanel WHM 11.23.2. Since few days ago when I enabled Mod security mailman lists are not accesseable. Mod security blockes them with 406 Not Acceptable code. How could I modify mod security rules or remove only the rule wich is blocking mailing lists? I would like to use mod security but do not know nothing about tweaking rules. Im using default rules set from WHM mod security section.

    Any suggestion from you will be appreciated.

    Regards, Erik
     
  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    what is the 'Mod Security' WHM plugin showing for these 406 errors? if you post the log messages someone may be able to point you in the right direction
     
  3. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Hello,

    This is mod security message when blocking:

    Access denied with code 406 (phase 2). Pattern match "\\.(?:c(?:eek:(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:eek:urces|x)|l(?:icx|nk|og)|\\w{,5}~|webinfo|ht[rw]|xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"]


    Regards, Erik
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,480
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should be able to make out the rule by the number on it, 960035.

    Via WHM > Mod Security section you can edit the config and search the file for the number and remove the line if needed.
    Are you using the default cPanel ruleset?
     
  5. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Hello

    You are right infopro. I forgot about mod security 2.1 and 2.5 and in this newer version it is easier to point roule. Thanks for your tip coz I did not and would not figure it out by my self. In this case on this server I have version 2.5 and with your help problem is solved.

    I have one more question if you do not mind. Is it possible for mod security 2.5 to set rule to ignore let say just one domain but still valid for other domains on the server?

    Regards, Erik
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,480
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  7. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    I will try it but not right now but thank you very much for all your help. Your tips did a lot for me, so thanx again.
    Since it is the same topic I will ask if there is a good web site where I could learn about mod security rules for version 1.x and 2.x? I found some sites but they are more for experts then beginers.

    Best regards, Erik
     
  8. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
  9. anushkumar

    anushkumar Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Still have this trouble?

    Another easy way to get this by passed is to edit your modsec.user.conf file under the apache conf directory.

    Edit that file and you will see a line :

    Code:
    SecFilter "/admin/banner_manager.php|/sohoadmin/program/modules/site_templates/pages|/gold.php|/sohoadmin/program" allow
    or similar

    for example, if you get /mailman/admindb/mailinglist name blocked

    Add the blocked directory as below :

    Code:
    SecFilter "/admin/banner_manager.php|/sohoadmin/program/modules/site_templates/pages|/gold.php|/sohoadmin/program|/mailman/admindb/mailinglist name" allow
    restart apache.
     
    #9 anushkumar, Nov 25, 2008
    Last edited by a moderator: Nov 25, 2008
Loading...

Share This Page