Hello
As in the subject. After I enabled mod_security, it blocks, among other things, phpMyAdmin. I read that exceptions can be made for individual web applications, and that is basically what I wanted to ask: how do I create such an exception?
In the mod_security logs I have this:
--f1a87d71-A--
[20/Oct/2016:08:23:08 +0200] WAhizH8AAAEAAFqoDBoAAAAA 192.168.0.105 58191 xx.xx.xx.xx 80
--f1a87d71-B--
GET /phpmyadmin/ HTTP/1.1
Host: www.mydomain.pl
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: pmaCookieVer=5; pma_lang=pl; pma_collation_connection=utf8_unicode_ci; pmaUser-1=%7B%22iv%22%3A%22TP7Zy8x2z4D63w7Z6H1Cgw%3D%3D%22%2C%22mac%22%3A%229d262bba6b176596e346c393effaedfa58dfd2dd%22%2C%22payload%22%3A%224rDhmvcerzEwFhdhHH1TBw%3D%3D%22%7D; info_cookie=1; _ga=GA1.2.1181842170.1476351965; 3192a62084374417fd2a6ce3eaf5eeba=fsk2kgqgsvtjjouackc7dp14g1; 947595724496e514591b0596f5e20b8b=os5f0kqo3ftbfe7j2ro68qqd25; __cfgoid=2
--f1a87d71-F--
HTTP/1.1 403 Forbidden
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-2
Content-Language: pl
--f1a87d71-H--
Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){8,}" at REQUEST_COOKIES:pmaUser-1. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "168"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \x22 found within REQUEST_COOKIES:pmaUser-1: {\x22iv\x22:\x22TP7Zy8x2z4D63w7Z6H1Cgw==\x22,\x22mac\x22:\x229d262bba6b176596e346c393effaedfa58dfd2dd\x22,\x22payload\x22:\x224rDhmvcerzEwFhdhHH1TBw==\x22}"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"]
Action: Intercepted (phase 2)
Apache-Handler: type-map
Stopwatch: 1476944588799808 4723 (- - -)
Stopwatch2: 1476944588799808 4723; combined=3719, p1=152, p2=3542, p3=0, p4=0, p5=25, sr=36, sw=0, l=0, gc=0
Producer: ModSecurity for xxx (http://www.modsecurity.org/); OWASP_CRS/2.2.6.
Server: yyy
Engine-Mode: "ENABLED"
In /etc/httpd/modsecurity.d/activated_rules/modsecurity_exclude.conf I defined the path to the directory and the filter:
<Directory /usr/share/phpMyAdmin>
SecFilterRemove NNNNN
</Directory>
Getting to the heart of the question... where does the number that should go in place of NNNNN come from?
Regards
Mariusz
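
An added example, not part of the original post: in a ModSecurity 2.x audit log the rule number is the `[id "..."]` field of the `Message:` line in section H (here 981172). The sketch below reads that field and the matched variable and prints an exclusion directive; the function names and the shortened sample line are constructed for illustration, and it assumes a ModSecurity 2.x build that supports `SecRuleUpdateTargetById`.

```python
import re

# Constructed sample: a shortened section H "Message:" line modelled on the log in the post.
SAMPLE_H = (
    'Message: Access denied with code 403 (phase 2). Pattern match "(...){8,}" '
    'at REQUEST_COOKIES:pmaUser-1. '
    '[file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] '
    '[line "168"] [id "981172"] [rev "2"] '
    '[msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] '
    '[ver "OWASP_CRS/2.2.6"]'
)

# [name "value"] metadata fields; the value may contain backslash escapes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# "at COLLECTION" or "at COLLECTION:key." closing the text before the metadata.
TARGET_RE = re.compile(r'\bat ([A-Z_]+(?::\S+?)?)\.$')

def parse_message(line):
    """Return rule id, msg, file and matched variable from one 'Message:' line."""
    if not line.startswith("Message:"):
        return None
    fields = dict(FIELD_RE.findall(line))
    if "id" not in fields:
        return None
    prefix = line.split(" [file ", 1)[0].rstrip()
    target = TARGET_RE.search(prefix)
    return {"id": fields["id"], "msg": fields.get("msg", ""),
            "file": fields.get("file", ""),
            "target": target.group(1) if target else None}

def exclusion_for(hit, directory=None):
    """Build the narrowest exclusion for a parsed hit.

    Either directive must be loaded after the rule file it modifies.
    """
    if hit["target"] and ":" in hit["target"]:
        # Keep the rule active; only stop it inspecting this one variable.
        return 'SecRuleUpdateTargetById %s "!%s"' % (hit["id"], hit["target"])
    rule = "SecRuleRemoveById %s" % hit["id"]
    if directory:
        # Fallback: switch the rule off, but only for the given directory.
        return "<Directory %s>\n    %s\n</Directory>" % (directory, rule)
    return rule

if __name__ == "__main__":
    print(exclusion_for(parse_message(SAMPLE_H)))
```

Excluding only the `pmaUser-1` cookie from rule 981172 leaves the rule in force for every other input, which is a smaller gap than removing it for the whole phpMyAdmin directory.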