Bonjour ou bonsoir,
Tentant de configurer Debian Squeeze amd64 (kimsufi 2G / ovh) je me suis mis à la recherche de tutos pour pouvoir arriver à mes fins.
j'en suis actuellement à l'étape mod_security2 en me basant sur ce
tuto.
Pour le moment tout va bien vu les galères traversées pour en arriver là j'en suis content, même si je ne suis pas sûr que tout est fait correctement, logique: je ne comprends pas tout ce que je fais....
Enfin bref, actuellement mod_security2 me bloque phpmyadmin... j'ai effectué des recherches sur Google mais sans succès: je n'ai pas réussi à dire à mod_security de laisser passer phpmyadmin...
C'est pourquoi je viens quémander de l'aide auprès de vous car là je suis largué.
Le seul repère que j'ai actuellement provient de
Code :
tail -f /var/log/apache2/error.log
qui me ressort :
Code :
1
2
3
4
5
6
7
8
9
10
11
12
| [Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadminl/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Rule 7fb48593c440 [id "950901"][file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "59"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [error] [client 212.41.104.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 4 at TX:restricted_sqli_char_count. [file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "551"] [id "981173"] [rev "2.2.1"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "9"] [hostname "www.iteractif.com"] [uri "/phpmyadmin/index.php"] [unique_id "Tl5aG14X6GwAADJyA7AAAAAE"]
[Wed Aug 31 17:58:19 2011] [notice] child pid 12914 exit signal Segmentation fault (11) |
Auriez-vous, s'il vous plait, des idées/solutions/explications qui me permetterais de comprendre et régler ce problème ?
Quoi qu'il en soit je vous remercie et vous souhaite bonne continuation.
Cordialement, Squal
Edition:
Fait étrange, mod_security me laisse accéder à la base du site mais le log ressort
Code :
1
2
| [Wed Aug 31 17:55:02 2011] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 4). Pattern match "<title>Index of.*?<h1>Index of" at RESPONSE_BODY. [file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_50_outbound.conf"] [line "339"] [id "971200"] [rev "2.2.1"] [msg "Directory Listing"] [severity "ERROR"] [tag "LEAKAGE/INFO_DIRECTORY_LISTING"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "localhost"] [uri "/"] [unique_id "Tl5ZVl4X6GwAADJwAoIAAAAC"]
[Wed Aug 31 17:55:02 2011] [error] [client 127.0.0.1] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/modsecurity/activated_rules/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=, XSS=): Request from Known SPAM Source (Previous RBL Match)"] [hostname "localhost"] [uri "/"] [unique_id "Tl5ZVl4X6GwAADJwAoIAAAAC"] |
Là... je suis complètement paumé... ça me laisse penser à un problème de configuration; Suis-je reparti pour une ré-installation du serveur ?
31/08/2011, 17h49
mod_security2 bloque phpmyadmin
00
