Re: [mod-security-users] mod_security blocking many PHPMyAdmin functions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security blocking many PHPMyAdmin functions
|
From: Ivan R. <iva...@gm...> - 2006-05-22 08:56:41
|
On 5/22/06, Kai Schaetzl <mai...@co...> wrote: > mod_security blocks many of the PHPMyAdmin actions/pages > (different pages on different PHPMyAdmin pages). Surely you mean to say your ModSecurity *configuration* blocks the PHPMyAdmin pages? :) > There's > already a rule that excludes some rules for applying to > PHPMyAdmin. But it's not enough. How can I expand that? > > #PhpMyadmin > <LocationMatch "/tbl_change.php"> > SecFilterRemove 300016 > </LocationMatch> > > mod_security still blocks this page, probably because it doesn't > exclude all possible matches. It seems to apply to the line below > (from rules.conf) with "id:300016". > It's not clear to me if it applies to the next line as well. Rule IDs are applied either to rules (single line) or rule chains (multiple lines). Rule 300016 is a chained rule thus exclusion applies to the second line too. BTW, you should exclude all rules related to SQL Injection in order to get PHPMyAdmin to work properly. > It's > obviously the next line that triggers the blocking because there's a > "select from" statement in the URL (many of the PHPMyAdmin URLs contain c= omplete > SQL queries). What is the error message that you get? --=20 Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
