[mod-security-users] mod_security blocking many PHPMyAdmin functions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] mod_security blocking many PHPMyAdmin functions
|
From: Kai S. <mai...@co...> - 2006-05-22 00:19:56
|
mod_security blocks many of the PHPMyAdmin actions/pages (different pages on different PHPMyAdmin pages). There's already a rule that excludes some rules for applying to PHPMyAdmin. But it's not enough. How can I expand that? #PhpMyadmin <LocationMatch "/tbl_change.php"> SecFilterRemove 300016 </LocationMatch> mod_security still blocks this page, probably because it doesn't exclude all possible matches. It seems to apply to the line below (from rules.conf) with "id:300016". It's not clear to me if it applies to the next line as well. It's obviously the next line that triggers the blocking because there's a "select from" statement in the URL (many of the PHPMyAdmin URLs contain complete SQL queries). How can I exclude that next line for this page as well? #Generic SQL sigs SecFilterSelective ARGS "(or.+1[[:space:]]*=[[:space:]]1|(or 1=1|'.+)--')" "id:300014,rev:1,severity:2,msg:'Generic SQL injection protection'" SecFilterSelective ARGS "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:300015,rev:1,severity:2,msg:'Generic SQL injection protection'" SecFilterSelective REQUEST_URI "!(/forum/posting\.php)" "chain,id:300016,rev:1,severity:2,msg:'Generic SQL injection protection'" SecFilterSelective ARGS "(insert[[:space:]]+into.+values|select.+from|bulk[[:space:]]+insert|union.+select)" Kai |
