Page 1 of 1

Why Mod_Security block importing DB?

Posted: 2020/08/25 17:58:34
by hack3rcon
Hello,
I'm using LAMP on CentOS 8. I installed a WordPress and PhpMyadmin. I created a Virtualhost for WordPress as below:

Code: Select all

# cat /etc/httpd/conf.d/wp.conf 
<VirtualHost *:80>
ServerAdmin root@localhost
ServerAlias www.mymy.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
</VirtualHost>
I installed the Mod_security and its configuration is:

Code: Select all

$ cat /etc/httpd/conf.d/mod_security.conf

<IfModule mod_security2.c>
# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess Off
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyNoFilesLimit 10000000 
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body 
\
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

SecResponseBodyAccess Off

SecDebugLog /var/log/httpd/modsec_debug.log

SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial

SecAuditLog /var/log/httpd/modsec_audit.log
SecArgumentSeparator & SecCookieFormat 0
SecTmpDir /var/lib/mod_security
SecDataDir /var/lib/mod_security

# ModSecurity Core Rules Set and Local configuration

 IncludeOptional modsecurity.d/*.conf
IncludeOptionalmodsecurity.d/activated_rules/*.conf

 IncludeOptionalmodsecurity.d/local_rules/*.conf
</IfModule>
When I want to import database via PhpMyadmin then it show me an error:

Code: Select all

# cat modsec_audit.log
--1b44395e-H--
Apache-Error: [file "mod_autoindex.c"] [line 2329] [level 3] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php,index.php) found, and server-generated directory index forbidden by Options directive
Stopwatch: 1598359137900184 2090 (- - -)
Stopwatch2: 1598359137900184 2090; combined=49, p1=4, p2=35, p3=0, p4=0, p5=10, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/).
Server: Apache
Engine-Mode: "ENABLED"
And also error about "MULTIPART_BOUNDARY" .

Apache configuration is:

Code: Select all

<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/var/www/html">
 Options FollowSymLinks
 AllowOverride None
 Require all granted
</Directory>

TraceEnable off
ServerSignature Off
ServerTokens Prod
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
TimeOut 60
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
ErrorDocument 500 "Oh sorry dear."
FileETag MTime 
KeepAlive On 
MaxKeepAliveRequests 100  
MaxConnectionsPerChild 1000 
UseCanonicalName Off 
LimitInternalRecursion 5 
LimitRequestFields 500 
AcceptPathInfo Off
MaxRanges 100
KeepAliveTimeout 4
# Modules
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule headers_module modules/mod_headers.so
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
Thank you.

Re: Why Mod_Security block importing DB?

Posted: 2020/08/26 12:02:36
by roudaki
Sorry

This error may occur when attempting to access applications that have an index.php file (or other index file), but not an index.html or other specified ‘directory index’ file.

Can you try this

https://www.liquidweb.com/kb/apache-err ... nd-solved/

Re: Why Mod_Security block importing DB?

Posted: 2020/08/27 10:45:26
by hack3rcon
roudaki wrote:
2020/08/26 12:02:36
Sorry

This error may occur when attempting to access applications that have an index.php file (or other index file), but not an index.html or other specified ‘directory index’ file.

Can you try this

https://www.liquidweb.com/kb/apache-err ... nd-solved/
I did, but problem not solved!

Code: Select all

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
My virtual host config is:

Code: Select all

$ cat /etc/httpd/conf.d/wp.conf
<VirtualHost *:80>
ServerAdmin root@localhost
ServerAlias www.mymy.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
</VirtualHost>