Hello guys
Well, this week my question is...
I have one domain that has installed an helpdesk preety good, know as kayako.
I have the mod_security installed in my server too, but when my customer enters in his admin page and wish to config some settings, he got the Forbidden page.
In apache error_logs, I got this message:
My question is, how to make an exception for this domain or this page? I don't want to disable in .htaccess because I have compiled mod_security with --DDISABLE-HTACCESS-CONFIG
If anyone have some sugestion, I will apreciate :D
Thank you people!
Edit: Obviously, I don't want to comment this rule heheheh
Well, this week my question is...
I have one domain that has installed an helpdesk preety good, know as kayako.
I have the mod_security installed in my server too, but when my customer enters in his admin page and wish to config some settings, he got the Forbidden page.
In apache error_logs, I got this message:
Code:
[Fri Oct 20 10:47:25 2006] [error] [client 200.146.82.253] mod_security: Access denied with code 403. Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "helpdesk.XXXXXXXXXXX.com.br"] [uri "/admin/index.php"]
If anyone have some sugestion, I will apreciate :D
Thank you people!
Edit: Obviously, I don't want to comment this rule heheheh