Modsec: no ID in error message

If you are receiving a ModSecurity error like this in the Apache error log:

[Wed Feb 10 02:02:32 2010] [error] [client 192.168.0.1] ModSecurity:
Access denied with code 500 (phase 2).
Pattern match "\\.php\\?.*loc=(http|https|ftp)\\:\\/" at REQUEST_URI.
[file "/usr/local/apache/conf/modsec2.user.conf"] [line "302"]
[hostname "domain.com"] [uri "/folder/file.php"]
[unique_id "S3JaCEPjyqQAAAOO2foAAAAY"]

and it does not give an ID number that would let you whitelist the rule by ID as usual:


SecRuleRemoveById 300162 300163 300170


You can use SecRuleRemoveByMsg instead to add the rule to the whitelist:


SecRuleRemoveByMsg "\.php\?.*loc=(http|https|ftp)\:\/"
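
Before choosing a removal directive it helps to see which identifying tags each logged denial carries: SecRuleRemoveById needs the logged [id "..."] value, and SecRuleRemoveByMsg applies its regular expression to the rule's msg action text, which is logged as [msg "..."]. The Python script below is an added example, not part of the original post; the function names and every sample entry other than the one quoted above are constructed for illustration.

```python
import re
from collections import Counter

# Matches the [key "value"] tags ModSecurity appends to an error-log entry.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# The entry from the post, joined onto one line (assumed wrapped for display).
PAGE_LINE = (
    r'[Wed Feb 10 02:02:32 2010] [error] [client 192.168.0.1] ModSecurity: '
    r'Access denied with code 500 (phase 2). '
    r'Pattern match "\\.php\\?.*loc=(http|https|ftp)\\:\\/" at REQUEST_URI. '
    r'[file "/usr/local/apache/conf/modsec2.user.conf"] [line "302"] '
    r'[hostname "domain.com"] [uri "/folder/file.php"] '
    r'[unique_id "S3JaCEPjyqQAAAOO2foAAAAY"]'
)
# Constructed entries: a rule that logs id and msg, and a non-ModSecurity error.
SAMPLE = [
    PAGE_LINE, PAGE_LINE,
    r'[Wed Feb 10 02:05:10 2010] [error] [client 192.168.0.1] ModSecurity: '
    r'Access denied with code 500 (phase 2). Pattern match "constructed" at ARGS. '
    r'[file "/usr/local/apache/conf/modsec2.user.conf"] [line "10"] [id "300162"] '
    r'[msg "Constructed sample message"] [unique_id "CONSTRUCTED0000000000002"]',
    '[Wed Feb 10 02:06:00 2010] [error] [client 192.168.0.1] '
    'File does not exist: /folder/missing.html',
]

def parse_denial(line):
    """Return the tags of a ModSecurity entry as a dict, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    return dict(TAG.findall(line.split("ModSecurity:", 1)[1]))

def handle(tags):
    """Pick the most specific identifier the entry offers for the rule."""
    if "id" in tags:
        return ("id", tags["id"])      # value usable with SecRuleRemoveById
    if "msg" in tags:
        return ("msg", tags["msg"])    # text SecRuleRemoveByMsg matches against
    return ("file:line", "%s:%s" % (tags.get("file", "?"), tags.get("line", "?")))

def triage(lines):
    """Count denials per rule handle so rules logging no id or msg stand out."""
    parsed = (parse_denial(line) for line in lines)
    return Counter(handle(tags) for tags in parsed if tags is not None)

if __name__ == "__main__":
    for (kind, value), count in triage(SAMPLE).most_common():
        print(count, kind, value)
```

Entries reported as file:line carry neither tag, so the rule has to be located in the named configuration file at that line.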

g33kadmin

I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....
