Control Web Panel
WebPanel => MySQL => Topic started by: Umbus on February 03, 2015, 01:29:43 PM
-
Hello,
Can you help? dont have permissions too upload sql to import in my mysql:
"You don't have permission to access /phpMyAdmin/import.php on this server."
Help please
-
Hello,
Can you help? dont have permissions too upload sql to import in my mysql:
"You don't have permission to access /phpMyAdmin/import.php on this server."
Help please
Are you using the root or an account user? Did you install CWP on a clean Centos build?
-
I'm using a account user.
I installed CWP in a clean Centos 6.6
-
have you tested it with root ?
-
how can i fix this. have a same problem. users can not import sql file.
403 forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
thanks
-
in the mod security module you can check logs and disable the rule which is causing issues for your query.
thanks it's work.
-
got the same error.
For others, here, you can modify this file:
/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
Find the SecRule number 981318 ...
and in front of SecRule put a comment #
Like this:
#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(^[\"'`´’‘;]+|[\"'`´’‘;]+$)" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'8',capture,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack: Common Injection Testing Detected',id:'981318',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',severity:'2',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"
***EDIT***
But if you do this, you won't be protected agains sql injection.
I recomend after you do your importing to uncomment that line, and to be easyer to find waht you modify add this line:
#***MOD***#Before any modification you make.
:)
-
disabling rules can be done by using Mod Security in the CWP.admin
-
disabling rules can be done by using Mod Security in the CWP.admin
Hi, I got the same problem and disabling the rule by its ID using Mod Security did not work (of course I restarted apache service after modify mod secutiry). Only I can import using root account, but the others users can not import.
I got this log in mod security:
[Sat Aug 08 21:18:35 2015] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "219"] [id "960915"] [rev "1"] [msg "Multipart parser detected a possible unmatched boundary."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "XX.XX.XX.XX"] [uri "/phpMyAdmin/import.php"] [unique_id "VcZyJX8AAAEAAEUhCg8AAAAC"]
And I added the ID "960915" on the file /usr/local/apache/conf/mod_sec_disabled_rules.conf:
SecRuleRemoveById 960915
Some any ideas?
Regards.
-
I believe the problem is mod_security related. rule number 960915 blocks users from importing files due to possible sql injection. I the the moderator needs to comment on this.