Author Topic: Mod Security issues  (Read 11241 times)

Mod Security issues
« on: October 23, 2014, 01:27:31 AM »
I enabled Mod Security.

I use Joomla! CMS.

I can't save or close when editing content.
It shows 403:
Forbidden

You don't have permission to access /administrator/index.php on this server.
 :'(
Error log:
[Thu Oct 23 08:04:13 2014] [error] [client 10.211.55.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:jform[articletext]. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: p>sss found within ARGS:jform[articletext]:
sss

"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "user3.com"] [uri "/administrator/index.php"] [unique_id "VEjuvX8AAAEAACq27rsAAAAD"]

Re: Mod Security issues
« Reply #1 on: October 23, 2014, 10:03:10 PM »
Using the Mod Security module in CWP, you can manually whitelist rules.

In your example, the rule ID is [id "950901"]:
950901
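An added example, not part of the thread and not CWP's own code: it parses a denial line like the one posted and emits a scoped exception instead of switching rule 950901 off for the whole site. Using ModSecurity's `SecRuleUpdateTargetById` inside a `LocationMatch` block is an assumption about how you might narrow the whitelist, the function names are hypothetical, and the sample line is constructed from the post with the long regex and tag list elided.

```python
import re

# Constructed sample: the denial from the post, long regex and tags elided.
SAMPLE = (
    '[Thu Oct 23 08:04:13 2014] [error] [client 10.211.55.2] ModSecurity: '
    'Access denied with code 403 (phase 2). Pattern match "(?i:...)" at '
    'ARGS:jform[articletext]. [file "/usr/local/apache/modsecurity-crs/'
    'base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] '
    '[id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] '
    '[data "Matched Data: p>sss found within ARGS:jform[articletext]:\nsss\n\n"] '
    '[severity "CRITICAL"] [hostname "user3.com"] [uri "/administrator/index.php"]'
)

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')      # [key "value"] pairs
TARGET = re.compile(r' at ([A-Z_]+(?::\S+)?)\. \[file ')   # variable that matched
# The target name and URI come from the request, so only a conservative
# character set is allowed to reach the generated Apache configuration.
SAFE_TARGET = re.compile(r'[A-Z_]+(?::[\w\[\].-]+)?')
SAFE_URI = re.compile(r'/[\w./-]*')


def parse_denial(line):
    """Pull rule id, message, URI and matched variable out of one log entry."""
    fields = dict(FIELD.findall(line))
    target = TARGET.search(line)
    if "id" not in fields or "uri" not in fields or target is None:
        raise ValueError("not a ModSecurity denial line")
    return {"id": fields["id"], "msg": fields.get("msg", ""),
            "uri": fields["uri"], "target": target.group(1)}


def scoped_exclusion(denial):
    """Exclude only the matched variable, only for the URI that was blocked."""
    if not (re.fullmatch(r"[0-9]+", denial["id"])
            and SAFE_TARGET.fullmatch(denial["target"])
            and SAFE_URI.fullmatch(denial["uri"])):
        raise ValueError("refusing to build config from unexpected log values")
    return (
        f'<LocationMatch "^{re.escape(denial["uri"])}$">\n'
        f'    SecRuleUpdateTargetById {denial["id"]} "!{denial["target"]}"\n'
        f'</LocationMatch>\n'
    )


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

Review the generated block before loading it: rule 950901 stays active for every other parameter and path, so only the Joomla article body on the administrator page stops being inspected by that rule.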