Topic: phpMyAdmin 403 resolution

phpMyAdmin 403 resolution
« on: January 02, 2016, 11:04:02 AM »
I see some people had 403 errors with phpMyAdmin after enabling mod_security. Thankfully you can disable it per URL with a simple config file. You'll need to create the file and restart httpd after you've created it.

Create the file '/usr/local/apache/modsecurity-crs/base_rules/00_custom_exclude.conf' and put the following code in it:

Code:
<LocationMatch /phpMyAdmin/>
 <IfModule mod_security2.c>
  SecRuleEngine Off
 </IfModule>
</LocationMatch>

Then do "service httpd restart" and you'll be able to use phpMyAdmin with no issues. You can add more rules here on a per folder/file, IP or domain basis by following the guide at the Atomic Secured Linux website: http://www.atomicorp.com/wiki/index.php/Mod_security

Re: phpMyAdmin 403 resolution
« Reply #1 on: September 10, 2016, 04:57:57 AM »
Thanks, I had been facing this issue for a week and I was going nuts. Your solution worked and now phpMyAdmin works flawlessly.

Re: phpMyAdmin 403 resolution
« Reply #2 on: September 25, 2016, 11:30:42 PM »
Dear, I am also facing the '403 Forbidden' problem while working in phpList. Some pages work fine but some pages show the error. I checked the Apache error log file and the error is as follows:

[Mon Sep 26 01:13:40 2016] [error] [client 178.112.88.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:browsetrail. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: & found within REQUEST_COOKIES:browsetrail: ?page=user&start=0&id=2&find=&sortby=&sortorder=desc&unconfirmed=0&blacklisted=0&tk=427"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.fashionfourseason.com"] [uri "/egulf/admin/"] [unique_id "V@haJH8AAAEAAFTdbIAAAAAA"]

Please suggest what I can do, and what this problem is.
Regards
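
Added example, not written by any poster in this thread: a small parser for ModSecurity denial lines in the Apache error-log format quoted in Reply #2. It reports which rule id fired on which variable and URI, and prints a narrower candidate exclusion than "SecRuleEngine Off" for a denial you have judged to be a false positive. Assumptions: the sample lines are constructed, and the printed SecRuleUpdateTargetById directive (ModSecurity 2.x) goes in a config file loaded after the CRS rule files.

```python
import re
from collections import Counter

# Constructed sample lines modeled on the error-log entry quoted in the thread
# (documentation IP and hostname; the rule's regex pattern is shortened to "...").
SAMPLE_LOG = [
    '[Mon Sep 26 01:13:40 2016] [error] [client 192.0.2.10] ModSecurity: Access denied '
    'with code 403 (phase 2). Pattern match "..." at REQUEST_COOKIES:browsetrail. '
    '[file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] '
    '[line "157"] [id "981172"] [msg "Restricted SQL Character Anomaly Detection Alert - '
    'Total # of special characters exceeded"] [hostname "www.example.com"] '
    '[uri "/egulf/admin/"] [unique_id "constructed-1"]',
    '[Mon Sep 26 01:14:02 2016] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico',
]

KV = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata pairs
TARGET = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')  # variable the rule matched on

def parse_denial(line):
    """Return rule id, matched variable, URI and message for a ModSecurity denial, else None."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(KV.findall(line))
    target = TARGET.search(line)
    return {
        "id": fields.get("id"),
        "target": target.group(1) if target else None,
        "uri": fields.get("uri"),
        "msg": fields.get("msg"),
    }

def summarize(lines):
    """Count denials per (rule id, variable, URI) so each can be triaged separately."""
    hits = (parse_denial(line) for line in lines)
    return Counter((h["id"], h["target"], h["uri"]) for h in hits if h)

def scoped_exclusion(rule_id, target):
    """Exclude one variable from one rule instead of switching the engine off."""
    return f'SecRuleUpdateTargetById {rule_id} "!{target}"'

if __name__ == "__main__":
    for (rule_id, target, uri), n in summarize(SAMPLE_LOG).items():
        print(f"{n} denial(s): rule {rule_id} on {target} at {uri}")
        print("  candidate:", scoped_exclusion(rule_id, target))
```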