mod_security help?

**twirp** · March 8th, 2008, 7:18 PM

So I'm trying to use different php ftp scripts, and I keep getting an error due to mod_security.
I have this in my .htaccess

Code:

SecFilterInheritance Off
SecFilterEngine Off
SecFilterScanPOST Off

The error log says:

Quote:

ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 255 at ARGS. [file "/path/modsecurity_crs_23_request_limits.conf"] [line "28"] [id"] [id "960335"] [msg "Too many arguments in request"] [severity "WARNING"] [hostname "urlgoeshere"] [uri "/index.php"] [unique_id "somerandomid"]

Thanks for any help or advice.
Should I post line 28 of the mod...its.conf file?

snide · March 9th, 2008, 8:21 AM

Can you list your script or atleast '[line "28"]'?

**twirp** · March 9th, 2008, 11:26 AM

Quote:

SecRule &ARGS "

gt 255" "phase:2,t:none,deny,log,auditlog,status:403,msg:' Too many arguments in request',id:'960335',severity:'4'"

It's all japanese to me...

snide · March 10th, 2008, 8:59 AM

It ain't Japanese to me, but just as undecipherable.

Perhaps you can make allowances in mod_security to allow that FTP script from that user to bypass those restrictions.

**twirp** · March 20th, 2008, 10:12 AM

How do others have mod_security configured. I'll probably look up information on it soon, but yeah...
So far it's only been preventing things I want to work from working.

**Roxy** · March 20th, 2008, 10:21 AM

This could probably be totally wrong to whats going on, but from the above it said "access denied with code 403", which is a permissions problem. Did you set certain permissions to this file?

Other then that, I found this really useful article on it, hopefully it helps. =)
ONLamp.com -- Introducing mod_security

**jdcopelin** · March 20th, 2008, 4:20 PM

Quote:

Originally Posted by twirp

So I'm trying to use different php ftp scripts, and I keep getting an error due to mod_security.

Is it just you that will be using the script? You can add an "ip whitelist" to that rule in the modsec configuration file to prevent it from being triggered... something like this:

Code:

SecFilterSelective REMOTE_ADDR  ^196.168.0.1$ allow

Hope that helps.

Regards,
Jonathan

**twirp** · March 20th, 2008, 4:37 PM

Quote:

Originally Posted by jdcopelin

Is it just you that will be using the script? You can add an "ip whitelist" to that rule in the modsec configuration file to prevent it from being triggered... something like this:

Code:

SecFilterSelective REMOTE_ADDR  ^196.168.0.1$ allow

Hope that helps.

Regards,
Jonathan

I think there's something wrong with the version I'm running...
It doesn't seem to care for what's placed in the .htaccess. Has anyone else tried 2.5? I had 2.5.0 installed, and I'm going to upgrade it to 2.5.1...
I'm thinking of going and trying there 1.9.* or 2.1.* What version does surpass have installed?

March 9th, 2008, 8:21 AM	#2 (permalink)
snide Registered User Super #1 Joined in Jul 2003 Lives in So. NJ 1,557 posts Gave thanks: 0 Thanked 9 times	Can you list your script or atleast '[line "28"]'? __________________ Dime13 \| Pass17

March 10th, 2008, 8:59 AM	#4 (permalink)
snide Registered User Super #1 Joined in Jul 2003 Lives in So. NJ 1,557 posts Gave thanks: 0 Thanked 9 times	It ain't Japanese to me, but just as undecipherable. Perhaps you can make allowances in mod_security to allow that FTP script from that user to bypass those restrictions. __________________ Dime13 \| Pass17

March 20th, 2008, 10:12 AM	#5 (permalink)
twirp DemonicAngel Super #1 Joined in Aug 2004 Lives in Wherever The World Takes Me Hosted on Pass76 1,829 posts Gave thanks: 26 Thanked 35 times	How do others have mod_security configured. I'll probably look up information on it soon, but yeah... So far it's only been preventing things I want to work from working. __________________ You wear Vans so high school kids will think that you can skate. He wears Vans because he can skate. TwiRp wears Vans because they were on sale. Pass76 wants Vans.

March 20th, 2008, 10:21 AM	#6 (permalink)
Roxy URB4N 5K1LLZ Super #1 Joined in Sep 2005 Lives in Orlando, FL Hosted on SH63 2,656 posts Gave thanks: 81 Thanked 128 times	This could probably be totally wrong to whats going on, but from the above it said "access denied with code 403", which is a permissions problem. Did you set certain permissions to this file? Other then that, I found this really useful article on it, hopefully it helps. =) ONLamp.com -- Introducing mod_security __________________ Roxanne Urban Roxy -Personal Blog SH63 - the best darn shared server!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)