Mod Security blocking mailman lists

[webicom]

Hello,

Im not expert for Mod security rules so I would like to ask some of you to help me. Im using Apache 2.0.63 and cpanel WHM 11.23.2. Since few days ago when I enabled Mod security mailman lists are not accesseable. Mod security blockes them with 406 Not Acceptable code. How could I modify mod security rules or remove only the rule wich is blocking mailing lists? I would like to use mod security but do not know nothing about tweaking rules. Im using default rules set from WHM mod security section.

Any suggestion from you will be appreciated.

Regards, Erik

 

[nickp666]

what is the 'Mod Security' WHM plugin showing for these 406 errors? if you post the log messages someone may be able to point you in the right direction

 

[webicom]

Hello,

This is mod security message when blocking:

Access denied with code 406 (phase 2). Pattern match "\\.(?:c(?(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?urces|x)|l(?:icx|nk|og)|\\w{,5}~|webinfo|ht[rw]|xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"]


Regards, Erik

 

[Infopro]

You should be able to make out the rule by the number on it, 960035.

Via WHM > Mod Security section you can edit the config and search the file for the number and remove the line if needed.
Are you using the default cPanel ruleset?

 

[webicom]

Hello

You are right infopro. I forgot about mod security 2.1 and 2.5 and in this newer version it is easier to point roule. Thanks for your tip coz I did not and would not figure it out by my self. In this case on this server I have version 2.5 and with your help problem is solved.

I have one more question if you do not mind. Is it possible for mod security 2.5 to set rule to ignore let say just one domain but still valid for other domains on the server?

Regards, Erik

 

[Infopro]

You might try this post:
http://forums.cpanel.net/showthread.php?p=350851#post350851

 

[webicom]

I will try it but not right now but thank you very much for all your help. Your tips did a lot for me, so thanx again.
Since it is the same topic I will ask if there is a good web site where I could learn about mod security rules for version 1.x and 2.x? I found some sites but they are more for experts then beginers.

Best regards, Erik

 

[nickp666]

Heres a couple for you to start with:

http://www.modsecurity.org/ is where you will find docs on how mod_security works and how to write your own rules.

http://www.gotroot.com has an extensive rule set that you can download

 

[anushkumar]

Still have this trouble?

Another easy way to get this by passed is to edit your modsec.user.conf file under the apache conf directory.

Edit that file and you will see a line :

SecFilter "/admin/banner_manager.php|/sohoadmin/program/modules/site_templates/pages|/gold.php|/sohoadmin/program" allow

or similar

for example, if you get /mailman/admindb/mailinglist name blocked

Add the blocked directory as below :

SecFilter "/admin/banner_manager.php|/sohoadmin/program/modules/site_templates/pages|/gold.php|/sohoadmin/program|/mailman/admindb/mailinglist name" allow

restart apache.