Current time: 12-27-2024, 12:31 PM Hello There, Guest! (LoginRegister)


Post Reply 
mod-security2 and awstats = error 500
Author Message
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #1
mod-security2 and awstats = error 500
[Sat Jun 28 14:40:45 2008] [error] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(​?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?Big Grin[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\\w{0,5}~|webinfo|ht[rw]|xs[dx]| ..." at REQUEST_BASENAME. [file "/etc/modsecurity2/modsecurity_crs_30_http_policy.conf"] [line "94"] [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [tag "POLICY/EXT_RESTRICTED"] [hostname "localhost"] [uri "/awstats/mydomain.com"] [unique_id "VdBaplGpgkIAAAmZH2QAAABN"]

I dissabled mod-security2 and awstats work now.
Any ideas how to fix it?
06-28-2008 11:12 PM
Find all posts by this user Quote this message in a reply
Wut Offline
Junior Member
*

Posts: 18
Joined: Aug 2007
Reputation: 0
Post: #2
RE: mod-security2 and awstats = error 500
I've found this problem too.

Any suggestion ?
08-08-2008 01:18 AM
Find all posts by this user Quote this message in a reply
Zothos Offline
Release Manager
*****
Dev Team

Posts: 1,262
Joined: Feb 2007
Reputation: 10
Post: #3
RE: mod-security2 and awstats = error 500
deactivate the corresponding mod_security rule Smile
08-08-2008 03:53 AM
Find all posts by this user Quote this message in a reply
Wut Offline
Junior Member
*

Posts: 18
Joined: Aug 2007
Reputation: 0
Post: #4
RE: mod-security2 and awstats = error 500
How ?

I'm edit /etc/modsecurity2/modsecurity_crs_30_http_policy.conf and comment the following line out :

# Restrict file extension
#
# TODO the list of file extensions below are virtually always considered unsafe
# and not in use in any valid program. If your application uses one of
# these extensions, please remove it from the list of blocked extensions.
# You may need to use ModSecurity Core Rule Set Templates to do so, otherwise
# comment the whole rule.
#
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|$
"phase:2,t:none,t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is$

Are there any better solution ? like whitelist for awstats.pl or something
(This post was last modified: 08-10-2008 01:27 AM by Wut.)
08-09-2008 03:54 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)