Author Topic: mod_security is blocking roundcube  (Read 1068 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
mod_security is blocking roundcube
« on: March 11, 2024, 08:37:58 PM »
mod_security is blocking roundcube. Running free version of cwp. Please advise.
This issue came out of nowhere, server config is the same.

Roundcube Webmail 1.4.11
 CWP version: 0.9.8.1176
 csf: v14.20 (CentOS Web Panel)

Offline
*****
Re: mod_security is blocking roundcube
« Reply #1 on: March 11, 2024, 08:46:17 PM »

Offline
*
Re: mod_security is blocking roundcube
« Reply #2 on: March 12, 2024, 02:27:23 PM »
Please update Roundcube to 1.5.6 per Sandeep's instructions here:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-156-%E2%80%93-control-web-panel/
Thank you!

Code: [Select]
cd /usr/local/src

rm -rf roundcube*

wget https://github.com/roundcube/roundcubemail/releases/download/1.5.6/roundcubemail-1.5.6-complete.tar.gz

tar xf roundcubemail-1.5.6-complete.tar.gz

cd roundcubemail-1.5.6

run php -v and check what version of PHP you currently have. In my case I didn't need to run this:
Code: [Select]
sed -i "s@\/usr\/bin\/env php@\/usr\/bin\/env \/usr\/local\/cwp\/php71\/bin\/php@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh

sed -i "s@\php bin@\/usr\/local\/cwp\/php71\/bin\/php bin@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh

Code: [Select]
Now run: bin/installto.sh /usr/local/cwpsrv/var/services/roundcube

sh /scripts/restart_cwpsrv

curl -s -L https://www.alphagnu.com/upload/tmp/cwp_rc_fix.sh | bash

Unfortunately this doesn't fix the issue WHEN using FORWARD EMAIL!
If I use the Compose email then send it works.

Code: [Select]
ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\n\\\\r]\\\\s*\\\\b(?:to|b?cc)\\\\b\\\\s*:.*?\\\\@" at ARGS:_message. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "103"] [id "950019"] [rev "2"] [msg "Email Injection Attack"] [data "Matched Data: \\x0d\\x0ato:
« Last Edit: March 12, 2024, 02:38:07 PM by Linux »

Offline
*
Re: mod_security is blocking roundcube
« Reply #3 on: March 12, 2024, 04:55:19 PM »
Later edit: it works but you need to LOGout of the roundcube session, clean cookies and catched data.

Offline
*****
Re: mod_security is blocking roundcube
« Reply #4 on: March 13, 2024, 02:04:19 AM »
I recommend using the Comodo ruleset instead of OWASP for Mod_Security. You will generate fewer false positives. But this requires a paid CWP Pro license, not the free version.

Offline
*
Re: mod_security is blocking roundcube
« Reply #5 on: June 04, 2024, 04:01:38 AM »
I recommend using the Comodo ruleset instead of OWASP for Mod_Security. You will generate fewer false positives. But this requires a paid CWP Pro license, not the free version.
Thank you for your advice.