Control Web Panel

WebPanel => CentOS-WebPanel Bugs => Topic started by: Linux on March 11, 2024, 08:37:58 PM

Title: mod_security is blocking roundcube
Post by: Linux on March 11, 2024, 08:37:58 PM
mod_security is blocking Roundcube. Running the free version of CWP. Please advise.
This issue came out of nowhere; server config is the same.

Roundcube Webmail 1.4.11
CWP version: 0.9.8.1176
csf: v14.20 (CentOS Web Panel)
Title: Re: mod_security is blocking roundcube
Post by: overseer on March 11, 2024, 08:46:17 PM
Please update Roundcube to 1.5.6 per Sandeep's instructions here:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-156-%E2%80%93-control-web-panel/
Title: Re: mod_security is blocking roundcube
Post by: Linux on March 12, 2024, 02:27:23 PM
Please update Roundcube to 1.5.6 per Sandeep's instructions here:
https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-156-%E2%80%93-control-web-panel/
Thank you!

Code:
cd /usr/local/src

rm -rf roundcube*

wget https://github.com/roundcube/roundcubemail/releases/download/1.5.6/roundcubemail-1.5.6-complete.tar.gz

tar xf roundcubemail-1.5.6-complete.tar.gz

cd roundcubemail-1.5.6

Run php -v and check what version of PHP you currently have. In my case I didn't need to run this:
Code:
sed -i "s@\/usr\/bin\/env php@\/usr\/bin\/env \/usr\/local\/cwp\/php71\/bin\/php@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh

sed -i "s@\php bin@\/usr\/local\/cwp\/php71\/bin\/php bin@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh

Now run:
Code:
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube

sh /scripts/restart_cwpsrv

curl -s -L https://www.alphagnu.com/upload/tmp/cwp_rc_fix.sh | bash

Unfortunately this doesn't fix the issue WHEN using FORWARD EMAIL!
If I use Compose email and then send, it works.

Code:
ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\n\\\\r]\\\\s*\\\\b(?:to|b?cc)\\\\b\\\\s*:.*?\\\\@" at ARGS:_message. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "103"] [id "950019"] [rev "2"] [msg "Email Injection Attack"] [data "Matched Data: \\x0d\\x0ato:
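
Why the rule in the log line above fires on Forward but not on a plain Compose, as an added example that is not part of the original posts: a forwarded body quotes the original message's headers, so a line beginning with "To:" and containing an address lands in ARGS:_message. The request bodies and the `_subject` argument are constructed, and lowercasing before the match is an assumption based on the lowercase "to:" in the logged Matched Data.

```python
import re

# Pattern copied from the ModSecurity log line above (rule id 950019),
# with the log's doubled backslash escaping removed.
EMAIL_INJECTION = re.compile(r"[\n\r]\s*\b(?:to|b?cc)\b\s*:.*?@")


def scan_args(args):
    """Return {argument name: matched text} for each value the pattern hits.

    Assumption: values are lowercased before matching, which the lowercase
    "to:" in the logged Matched Data suggests.
    """
    hits = {}
    for name, value in args.items():
        match = EMAIL_INJECTION.search(value.lower())
        if match:
            hits[name] = match.group(0)
    return hits


def log_escape(text):
    """Show CR and LF the way the audit log prints them."""
    return text.replace("\r", "\\x0d").replace("\n", "\\x0a")


# Constructed request bodies, not captured traffic.
FORWARD = {
    "_subject": "Fwd: invoice",
    "_message": "FYI\r\n\r\n-------- Original Message --------\r\n"
                "Subject: invoice\r\nFrom: alice@example.com\r\n"
                "To: bob@example.com\r\n\r\nPlease see attached.",
}
COMPOSE = {
    "_subject": "invoice",
    "_message": "Hi Bob,\r\n\r\nPlease see attached.\r\n"
                "Regards, alice@example.com",
}

if __name__ == "__main__":
    for label, args in (("forward", FORWARD), ("compose", COMPOSE)):
        hits = {k: log_escape(v) for k, v in scan_args(args).items()}
        print(label, "->", hits or "no match")
```
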
Title: Re: mod_security is blocking roundcube
Post by: Linux on March 12, 2024, 04:55:19 PM
Later edit: it works but you need to log out of the Roundcube session, clean cookies and cached data.
Title: Re: mod_security is blocking roundcube
Post by: overseer on March 13, 2024, 02:04:19 AM
I recommend using the Comodo ruleset instead of OWASP for Mod_Security. You will generate fewer false positives. But this requires a paid CWP Pro license, not the free version.
Title: Re: mod_security is blocking roundcube
Post by: smiletransire on June 04, 2024, 04:01:38 AM
I recommend using the Comodo ruleset instead of OWASP for Mod_Security. You will generate fewer false positives. But this requires a paid CWP Pro license, not the free version.
Thank you for your advice.