Author Topic: No have permissons to import  (Read 22254 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
No have permissons to import
« on: February 03, 2015, 01:29:43 PM »
Hello,
Can you help?  dont have permissions too upload sql to import in my mysql:

"You don't have permission to access /phpMyAdmin/import.php on this server."

Help please

Offline
*
Re: No have permissons to import
« Reply #1 on: February 03, 2015, 03:28:24 PM »
Hello,
Can you help?  dont have permissions too upload sql to import in my mysql:

"You don't have permission to access /phpMyAdmin/import.php on this server."

Help please

Are you using the root or an account user? Did you install CWP on a clean Centos build?

Offline
*
Re: No have permissons to import
« Reply #2 on: February 03, 2015, 07:49:36 PM »
I'm using a account user.

I installed CWP in a clean Centos 6.6

Offline
*
Re: No have permissons to import
« Reply #3 on: February 04, 2015, 02:05:03 AM »
have you tested it with root ?
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: No have permissons to import
« Reply #4 on: March 06, 2015, 07:51:58 PM »
how can i fix this. have a same problem. users can not import sql file.

403 forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
thanks

Offline
*
Re: No have permissons to import
« Reply #5 on: March 06, 2015, 08:18:00 PM »
in the mod security module you can check logs and disable the rule which is causing issues for your query.

thanks it's work.

Offline
*
Re: No have permissons to import
« Reply #6 on: March 19, 2015, 04:00:57 PM »
got the same error.
For others, here, you can modify this file:
/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf

Find the SecRule number 981318 ...
and in front of SecRule put a comment #

Like this:

Code: [Select]
#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(^[\"'`´’‘;]+|[\"'`´’‘;]+$)" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'8',capture,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack: Common Injection Testing Detected',id:'981318',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',severity:'2',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"

***EDIT***
But if you do this, you won't be protected agains sql injection.
I recomend after you do your importing to uncomment that line, and to be easyer to find waht you modify add this line:

Code: [Select]
#***MOD***#Before any modification you make.
:)
« Last Edit: March 19, 2015, 04:02:48 PM by tedeu »

Offline
*
Re: No have permissons to import
« Reply #7 on: March 24, 2015, 05:41:50 PM »
disabling rules can be done by using Mod Security in the CWP.admin
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: No have permissons to import
« Reply #8 on: August 08, 2015, 09:41:27 PM »
disabling rules can be done by using Mod Security in the CWP.admin

Hi, I got the same problem and disabling the rule by its ID using Mod Security did not work (of course I restarted apache service after modify mod secutiry). Only I can import using root account, but the others users can not import.

I got this log in mod security:

Code: [Select]
[Sat Aug 08 21:18:35 2015] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "219"] [id "960915"] [rev "1"] [msg "Multipart parser detected a possible unmatched boundary."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "XX.XX.XX.XX"] [uri "/phpMyAdmin/import.php"] [unique_id "VcZyJX8AAAEAAEUhCg8AAAAC"]
And I added the ID "960915" on the file /usr/local/apache/conf/mod_sec_disabled_rules.conf:

Code: [Select]
SecRuleRemoveById 960915

Some any ideas?

Regards.
« Last Edit: August 08, 2015, 10:00:46 PM by henryseron »

Offline
***
Re: No have permissons to import
« Reply #9 on: February 14, 2016, 02:33:23 AM »
I believe the problem is mod_security related.  rule number 960915 blocks users from importing files due to possible sql injection.  I the the moderator needs to comment on this.