Mod_security: Denying access to specific url

I have a server with WHM/cPanel installed and created a user account for a new hosting. I don't want the developers to have cPanel access, but they should still be able to work on the development process. I installed phpMyAdmin on the hosting space. During query execution I was hit by the following error message:

[Wed Jun 23 13:07:14 2010] [error] [client 111.62.2.21] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)" at ARGS:sql_query. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "domain.com"] [uri "/expodb/import.php"] [unique_id "kcSXD0WnrkAAABr6MJ8AAAAF"]

# tail -f /usr/local/apache/logs/error_log

[Wed Jun 23 13:07:14 2010] [error] [client 116.68.92.21] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)" at ARGS:sql_query. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "domain.com"] [uri "/expodb/import.php"] [unique_id "kcSXD0WnrkAAABr6MJ8AAAAF"]

Here "expodb" is the folder that phpMyAdmin (PMA) was renamed to, with IP-restricted access configured.

I found that mod_security was causing the issue, so I needed to add an exception.

a. Open the Apache config file (/usr/local/apache/conf/httpd.conf) and add the following entry under the respective virtual host entry:

<LocationMatch "/expodb/">
SecRuleRemoveById 300016
</LocationMatch>
The ID passed to SecRuleRemoveById is the one shown in the [id "300016"] field of the Apache mod_security error message.
Now it's time to restart Apache and save the custom 'httpd.conf' entry to make it permanent.
[root@host.domain.com] ~ >> # /usr/local/cpanel/bin/apache_conf_distiller --update
Distilled successfully
# /usr/local/apache/bin/apachectl restart
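
The rule ID and path used in the exclusion both come from fields of the error_log entry. As an added example (not code from the original post), this Python script parses ModSecurity denial lines and prints one LocationMatch exclusion per directory and rule ID. The log lines are constructed samples, the function names are hypothetical, and the generated pattern is anchored with ^ where the post's is not.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample entries modelled on the error_log line quoted in the post
# (documentation-range client IP, placeholder unique_id, shortened pattern).
_FMT = ('[Wed Jun 23 13:07:14 2010] [error] [client 192.0.2.10] ModSecurity: '
        'Access denied with code 500 (phase 2). Pattern match "(select.+from)" '
        'at ARGS:sql_query. [file "/usr/local/apache/conf/modsec2.user.conf"] '
        '[line "355"] [id "300016"] [rev "2"] '
        '[msg "Generic SQL injection protection"] [severity "CRITICAL"] '
        '[hostname "domain.com"] [uri "%s"] [unique_id "PLACEHOLDER"]')
SAMPLE_LOG = "\n".join([
    _FMT % "/expodb/import.php",
    _FMT % "/expodb/sql.php",
    "[Wed Jun 23 13:08:00 2010] [error] [client 192.0.2.10] File does not exist: /x",
])

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] metadata
TARGET = re.compile(r' at (\S+?)\. \[')              # e.g. ARGS:sql_query

def parse_denial(line):
    """Return the fields of one ModSecurity denial, or None for other lines."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(TAG.findall(line))
    target = TARGET.search(line)
    fields["target"] = target.group(1) if target else None
    return fields if "id" in fields and "uri" in fields else None

def suggest_exclusions(log_text):
    """Group denials by (directory, rule id); render one stanza per group."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            directory = posixpath.dirname(d["uri"]).rstrip("/") + "/"
            hits[(directory, d["id"])].add(d["uri"])
    stanzas = []
    for (directory, rule_id), uris in sorted(hits.items()):
        # ^ anchors the match to the start of the path (the post's is unanchored).
        stanzas.append('# rule %s hit on: %s\n<LocationMatch "^%s">\n'
                       '    SecRuleRemoveById %s\n</LocationMatch>'
                       % (rule_id, ", ".join(sorted(uris)),
                          re.escape(directory), rule_id))
    return stanzas

if __name__ == "__main__":
    print("\n\n".join(suggest_exclusions(SAMPLE_LOG)))
```

Review each generated stanza before adding it to the virtual host: it switches the named rule off for every request under that directory, so it belongs only on paths that are already access-restricted, as the renamed phpMyAdmin folder is here.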
