Control Web Panel

Topic started by: lungkao on October 23, 2014, 01:27:31 AM

Title: Mod Security issues
Post by: lungkao on October 23, 2014, 01:27:31 AM
I enabled Mod Security.

I use Joomla! CMS.

I can't save or close when editing content.
It shows 403:
Forbidden

You don't have permission to access /administrator/index.php on this server.
 :'(
Error log:
Code:
[Thu Oct 23 08:04:13 2014] [error] [client 10.211.55.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:jform[articletext]. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: p>sss found within ARGS:jform[articletext]:
sss

"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "user3.com"] [uri "/administrator/index.php"] [unique_id "VEjuvX8AAAEAACq27rsAAAAD"]
Title: Re: Mod Security issues
Post by: Administrator on October 23, 2014, 10:03:10 PM
Using the Mod Security module in CWP, you can manually whitelist rules.

In your example, the rule ID is [id "950901"]:
950901
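
Added example, not part of the original thread and not CWP's own code: a small parser that pulls the rule id, URI and matched variable out of a log entry like the one above and emits an exclusion limited to that one URI and argument, so rule 950901 stays active everywhere else. The sample entry is a shortened, constructed copy of the posted log; the new rule id `1000001` and the function names are assumptions, and the output uses ModSecurity 2.x's `ctl:ruleRemoveTargetById` action.

```python
import re

# Constructed sample: the log entry from the post, shortened to the fields used here.
SAMPLE = (
    '[Thu Oct 23 08:04:13 2014] [error] [client 10.211.55.2] ModSecurity: '
    'Access denied with code 403 (phase 2). Pattern match "..." at '
    'ARGS:jform[articletext]. [file "/usr/local/apache/modsecurity-crs/'
    'base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] '
    '[id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] '
    '[data "Matched Data: p>sss found within ARGS:jform[articletext]:\nsss\n\n"] '
    '[severity "CRITICAL"] [hostname "user3.com"] '
    '[uri "/administrator/index.php"] [unique_id "VEjuvX8AAAEAACq27rsAAAAD"]'
)

# [name "value"] metadata pairs; values may span lines and contain brackets.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]', re.S)
# The variable that matched, printed between the pattern and the [file ...] field.
TARGET = re.compile(r'" at ([A-Z_]+(?::\S+?)?)\. \[file ')


def parse_denial(entry):
    """Return rule id, URI, host and matched variable from one denial entry."""
    fields = dict(FIELD.findall(entry))
    target = TARGET.search(entry)
    if target is None or "id" not in fields or "uri" not in fields:
        raise ValueError("not a ModSecurity 'Access denied' entry")
    if not fields["id"].isdigit():
        raise ValueError("unexpected rule id")
    return {"id": fields["id"], "uri": fields["uri"],
            "host": fields.get("hostname", ""), "target": target.group(1)}


def scoped_exclusion(d, new_rule_id=1000001):
    """Build a rule that drops one variable from one rule on one URI only."""
    # Log content is request-influenced: refuse anything that could break quoting.
    if not re.fullmatch(r"[\w\[\]:.\-]+", d["target"]):
        raise ValueError("unexpected characters in target")
    if not re.fullmatch(r"/[\w./\-]*", d["uri"]):
        raise ValueError("unexpected characters in uri")
    # new_rule_id is a placeholder; pick one unused in your local rule range.
    return (f'SecRule REQUEST_FILENAME "@streq {d["uri"]}" '
            f'"id:{new_rule_id},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={d["id"]};{d["target"]}"')


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

Review the generated line before loading it; other Joomla form fields that trigger the same rule appear as separate log entries and need their own decision.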