
Mod_security exception

Discussion in 'Security' started by AlexandreVeezon, Oct 20, 2006.

  1. AlexandreVeezon

    Hello guys

    Well, this week my question is... :)

    I have one domain that has a pretty good helpdesk installed, known as Kayako.
    I have mod_security installed on my server too, but when my customer enters his admin page and wishes to configure some settings, he gets the Forbidden page.
    In the Apache error_log, I got this message:

    Code:
    [Fri Oct 20 10:47:25 2006] [error] [client 200.146.82.253] mod_security: Access denied with code 403. Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "helpdesk.XXXXXXXXXXX.com.br"] [uri "/admin/index.php"]
    
    My question is how to make an exception for this domain or this page. I don't want to disable it in .htaccess because I have compiled mod_security with --DDISABLE-HTACCESS-CONFIG
    If anyone has a suggestion, I would appreciate it :D

    Thank you people! :cool:

    Edit: Obviously, I don't want to comment this rule heheheh
     
  2. sparek-3

    In the VirtualHost entry for this VirtualHost add:

    <IfModule mod_security.c>
    SecFilterRemove 300015
    </IfModule>


    Alternatively you can get even more specific by using a Location block:

    <IfModule mod_security.c>
    <Location /somepath>
    SecFilterRemove 300015
    </Location>
    </IfModule>


    Notice that the ID of the mod_security rule you have is 300015 so you are wanting to remove that from the list for this specific VirtualHost. Restart Apache when you are done.
     
  3. AlexandreVeezon

    Thank you sparek-3

    but I got the same error. I know that rule is correct, because I see the correct syntax on the mod_security page, but maybe I have misconfigured something...
    Below is my code:

    Code:
    <IfModule mod_security.c>
    <Location /home/<user>/public_html/helpdesk/admin/ >
    SecFilterRemove 300015
    </Location>
    </IfModule>
    
    I already tried these variations:

    Code:
    1.
    <Location /home/<user>/public_html/helpdesk/admin>
    
    2.
    <Directory /home/<user>/public_html/helpdesk/admin>
    
    3.
    <Location domain.com.br/helpdesk/admin >
    
    Well... and now? :cool:
     
  4. sparek-3

    With a Location block you want to use the path as seen from the web. If you are wanting to use a file system path then you would need to use a Directory block. I'm sure there are differences between using Location blocks and Directory blocks but they are basically the same, except one is viewed from the web point of view and the other from the file system point of view.

    Alternatively, you can remove that block entirely and see if it fixes it.

    Judging from your examples, I believe you want something like:

    <IfModule mod_security.c>
    <Location /helpdesk/admin>
    SecFilterRemove 300015
    </Location>
    </IfModule>
     
  5. AlexandreVeezon


    Yeah, you are right!
    Finally worked :D

    Thank you very much sparek-3!!!

    This issue is over now hehehe.
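
Added example, not part of the original thread: a small parser for the mod_security denial format quoted in the first post, which counts denials per hostname, URI and rule ID so that a `SecFilterRemove` exception can be scoped to the paths where the rule actually fires. The function names and every sample line other than the quoted one are constructed for illustration.

```python
import re
from collections import Counter

# Layout of a mod_security 1.x denial, as in the error_log entry quoted in the first post.
DENY_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] mod_security: Access denied with code (?P<code>\d+)\. '
    r'Pattern match "(?P<pattern>.*?)" at (?P<where>\S+) (?P<meta>\[.*)$')
# The tail is a run of [key "value"] pairs, sometimes with no space between them.
META_RE = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_denial(line):
    """Return the fields of one denial line as a dict, or None for any other log line."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = {k: m.group(k) for k in ("client", "code", "pattern", "where")}
    rec.update(META_RE.findall(m.group("meta")))
    return rec

def exception_candidates(lines):
    """Count denials per (hostname, uri, rule id): the scope a SecFilterRemove would need."""
    hits = Counter()
    for rec in filter(None, map(parse_denial, lines)):
        if "id" in rec:
            hits[(rec.get("hostname"), rec.get("uri"), rec["id"])] += 1
    return hits

# First entry: the log line quoted in the first post. The others are constructed from it.
PAGE_LINE = (
    '[Fri Oct 20 10:47:25 2006] [error] [client 200.146.82.253] mod_security: Access denied '
    'with code 403. Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure'
    '|table)|delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] '
    '[msg "Generic SQL injection protection"] [severity "CRITICAL"] '
    '[hostname "helpdesk.XXXXXXXXXXX.com.br"] [uri "/admin/index.php"]')
SAMPLE_LOG = [
    PAGE_LINE,
    PAGE_LINE.replace("200.146.82.253", "192.0.2.10"),    # constructed: second client
    PAGE_LINE.replace("/admin/index.php", "/index.php"),  # constructed: other URI
    '[Fri Oct 20 10:48:00 2006] [error] [client 192.0.2.10] File does not exist: '
    '/usr/local/apache/htdocs/favicon.ico',               # constructed: unrelated error
]

if __name__ == "__main__":
    for (host, uri, rule_id), n in sorted(exception_candidates(SAMPLE_LOG).items()):
        print(f"{n:3d}  rule {rule_id}  {host}{uri}")
```

If every hit for a rule sits under one path, a `<Location>` block for that path, as in sparek-3's last reply, keeps the rule active for the rest of the VirtualHost.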
     