+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: mod-security2 and awstats = error 500 (/thread-3633.html)
mod-security2 and awstats = error 500 - prale - 06-28-2008 11:12 PM
[Sat Jun 28 14:40:45 2008] [error] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?
[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\\w{0,5}~|webinfo|ht[rw]|xs[dx]| ..." at REQUEST_BASENAME. [file "/etc/modsecurity2/modsecurity_crs_30_http_policy.conf"] [line "94"] [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [tag "POLICY/EXT_RESTRICTED"] [hostname "localhost"] [uri "/awstats/mydomain.com"] [unique_id "VdBaplGpgkIAAAmZH2QAAABN"]I dissabled mod-security2 and awstats work now.
Any ideas how to fix it?
RE: mod-security2 and awstats = error 500 - Wut - 08-08-2008 01:18 AM
I've found this problem too.
Any suggestion ?
RE: mod-security2 and awstats = error 500 - Zothos - 08-08-2008 03:53 AM
deactivate the corresponding mod_security rule
RE: mod-security2 and awstats = error 500 - Wut - 08-09-2008 03:54 AM
How ?
I'm edit /etc/modsecurity2/modsecurity_crs_30_http_policy.conf and comment the following line out :
# Restrict file extension
#
# TODO the list of file extensions below are virtually always considered unsafe
# and not in use in any valid program. If your application uses one of
# these extensions, please remove it from the list of blocked extensions.
# You may need to use ModSecurity Core Rule Set Templates to do so, otherwise
# comment the whole rule.
#
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|$
"phase:2,t:none,t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is$
Are there any better solution ? like whitelist for awstats.pl or something