No have permissons to import

Hello,
Can you help?  dont have permissions too upload sql to import in my mysql:

"You don't have permission to access /phpMyAdmin/import.php on this server."

Help please

Hello,
Can you help?  dont have permissions too upload sql to import in my mysql:

"You don't have permission to access /phpMyAdmin/import.php on this server."

Help please

Are you using the root or an account user? Did you install CWP on a clean Centos build?

I'm using a account user.

I installed CWP in a clean Centos 6.6

have you tested it with root ?

how can i fix this. have a same problem. users can not import sql file.

403 forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.
thanks

in the mod security module you can check logs and disable the rule which is causing issues for your query.

thanks it's work.

got the same error.
For others, here, you can modify this file:
/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf

Find the SecRule number 981318 ...
and in front of SecRule put a comment #

Like this:

Code: [Select]

#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(^[\"'`´’‘;]+|[\"'`´’‘;]+$)" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'8',capture,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack: Common Injection Testing Detected',id:'981318',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',severity:'2',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"

***EDIT***
But if you do this, you won't be protected agains sql injection.
I recomend after you do your importing to uncomment that line, and to be easyer to find waht you modify add this line:

Code: [Select]

#***MOD***#Before any modification you make.

disabling rules can be done by using Mod Security in the CWP.admin

disabling rules can be done by using Mod Security in the CWP.admin

Hi, I got the same problem and disabling the rule by its ID using Mod Security did not work (of course I restarted apache service after modify mod secutiry). Only I can import using root account, but the others users can not import.

I got this log in mod security:

Code: [Select]

[Sat Aug 08 21:18:35 2015] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "219"] [id "960915"] [rev "1"] [msg "Multipart parser detected a possible unmatched boundary."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "XX.XX.XX.XX"] [uri "/phpMyAdmin/import.php"] [unique_id "VcZyJX8AAAEAAEUhCg8AAAAC"]
And I added the ID "960915" on the file /usr/local/apache/conf/mod_sec_disabled_rules.conf:

Code: [Select]

SecRuleRemoveById 960915

Some any ideas?

Regards.

I believe the problem is mod_security related.  rule number 960915 blocks users from importing files due to possible sql injection.  I the the moderator needs to comment on this.