Author Topic: Internal Server Error after uninstall mod_security  (Read 3677 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Internal Server Error after uninstall mod_security
« on: September 12, 2015, 03:34:23 PM »
Please help me, i got internal server error just after uninstall mod_security  :'(
Here is the scenario :

- I install mod_security on my CentOS VPS
- I can't access PHPmyadmin and edit data on my website
- I check error_log
- It said like this :

Quote
[Sat Sep 12 11:04:12 2015] [error] [client 36.83.178.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:msgpost. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22. Berbagai dimensi tentang gereja sudah dibahas. Hari ini kita akan membahas dimensi yang lain yaitu antara gereja dan negara. Ini dimensi yang jarang sekali dikhotbahkan karena kurang menarik bagi kebanyakan orang, mungkin karena sudah terlanjur apatis dengan pemerintahan karena dianggap gagal mensejahterakan warganya. Melalui Firman Tuhan hari ini, kita akan belajar bagaimana kita harus bersikap terhadap negara.</p> <h3>Isi:</h3> <p>Bangsa Romawi merupakan bangsa yang sangat toleran k..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "gkriexodus.org"] [uri "/admin/article_edit_check.php"] [unique_id "VfQ@6n8AAAEAAHgeEJgAAAAJ"]

- I uninstall mod_security
- Now i can't open all my website on my server

Please help me :(

Offline
*****
Re: Internal Server Error after uninstall mod_security
« Reply #1 on: September 12, 2015, 04:24:29 PM »
Hello.

1. Mod Security rule IDs are displayed in logs like: [id "123456"] in your case, it looks [id "973335"] .
You have to open the file /usr/local/apache/conf/mod_sec_disabled_rules.conf and add new line:
SecRuleRemoveById 123456
in your case
SecRuleRemoveById 973335
(you can do that from the CWP, just click to the link: Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf in mod security page)
After making any changes in mod security configuration files you need to restart apache.

2. What kind error do you have?

Offline
*
Re: Internal Server Error after uninstall mod_security
« Reply #2 on: September 12, 2015, 05:01:40 PM »
Hello.

1. Mod Security rule IDs are displayed in logs like: [id "123456"] in your case, it looks [id "973335"] .
You have to open the file /usr/local/apache/conf/mod_sec_disabled_rules.conf and add new line:
SecRuleRemoveById 123456
in your case
SecRuleRemoveById 973335
(you can do that from the CWP, just click to the link: Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf in mod security page)
After making any changes in mod security configuration files you need to restart apache.

2. What kind error do you have?

1. Oke let me try your suggestion.
2. The error is : All my website on my VPS server can't be accces. It said Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

How to fix that? (number 2)

Offline
*****
Re: Internal Server Error after uninstall mod_security
« Reply #3 on: September 12, 2015, 05:12:09 PM »
Hi, check your log files. Unfortunately I do not have an ideas what exactly error do you have.
I guess it have a permissons troubles

Re: Internal Server Error after uninstall mod_security
« Reply #4 on: September 12, 2015, 05:33:16 PM »
why not rebuilding apache and then rebuilding virtual host file?

Offline
*
Re: Internal Server Error after uninstall mod_security
« Reply #5 on: September 14, 2015, 05:21:01 AM »
why not rebuilding apache and then rebuilding virtual host file?

You save my life, thanks a lot!