ModSecurity 3 prevents ACP

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6296
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: ModSecurity 3 prevents ACP

Post by thecoalman »

Depends, the rule set can be customized or even paid for. However the common one is provided by OWASP, no idea how many rulesthey have but there is hundreds or thousands of them. Each rule is assigned an anomaly value based on the threat, you could trigger multiple rules. If the total anomaly value goes over the threshold the action is blocked.

Based on the many recent topics here about this I would guess they probably added or changed a rule that is giving the false positives. No one has posted the rule being triggered so it's impossible to determine what the issue may be. The rule being triggeed may be listed in your server error logs. Post the entire line(s).
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
5hocK
Registered User
Posts: 3147
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: ModSecurity 3 prevents ACP

Post by 5hocK »

error_log is empty.
My host says
We whitelisted a mod_sec PID which is causing the issue. If you still have the problem we can whitelist the ModSecurity ID causing the issue, but we need the exact steps to replicate the error from our side.
But made no difference. I've gave them login details.
5hocK
Registered User
Posts: 3147
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: ModSecurity 3 prevents ACP

Post by 5hocK »

My host say they found the error and disabled the rule. I have access again.

Error
[Mon Mar 04 14:19:50.044831 2024] [security2:error] [pid 12796:tid 47477742208768] [client 74.81.95.50:35422] [client 74.81.95.50] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/index.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/001_i360_basic.conf"] [line "8"] [id "77350314"] [msg "IM360 WAF: Path traversal attack||User:jsofzone||Path:/adm/index.php||Arg:ARGS:redirect||Match:../adm/index.php?sid=6ca476c56b10f276981ef14fabb984a2||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] [hostname "www.example.org"] [uri "/adm/index.php"] [unique_id "ZeYe1nrqthuUh2uffMcgEAAAAQ0"], referer: https://www.example.org/adm/index.php?sid=6ca476c56b10f276981ef14fabb984a2
User avatar
ssl
Registered User
Posts: 1979
Joined: Sat Feb 08, 2020 2:15 pm
Location: Le Lude, Pays de la Loire - France
Name: Fred Rimbert

Re: ModSecurity 3 prevents ACP

Post by ssl »

thecoalman wrote: Sun Mar 03, 2024 2:18 pm It's not that they can't change it, they probably don't want to.
Yes I know
This host lost credibility when I learned about this.
Sorry for my English ... I do my best! :anger_right:

:point_right_tone3: phpBB: 3.3.13 | PHP: 8.3.9
:point_right_tone4: [Kill spam on phpBB] - [Some French translation of extensions]
"Mistress, Mistress someone is bothering me in pm"
ukautoforums
Registered User
Posts: 101
Joined: Thu Mar 02, 2017 10:00 am

Re: ModSecurity 3 prevents ACP

Post by ukautoforums »

5hocK wrote: Mon Mar 04, 2024 7:37 pm My host say they found the error and disabled the rule. I have access again.

Error
[Mon Mar 04 14:19:50.044831 2024] [security2:error] [pid 12796:tid 47477742208768] [client 74.81.95.50:35422] [client 74.81.95.50] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/index.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/001_i360_basic.conf"] [line "8"] [id "77350314"] [msg "IM360 WAF: Path traversal attack||User:jsofzone||Path:/adm/index.php||Arg:ARGS:redirect||Match:../adm/index.php?sid=6ca476c56b10f276981ef14fabb984a2||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] [hostname "www.example.org"] [uri "/adm/index.php"] [unique_id "ZeYe1nrqthuUh2uffMcgEAAAAQ0"], referer: https://www.example.org/adm/index.php?sid=6ca476c56b10f276981ef14fabb984a2
Hopefully the phpbb developers can use this error and patch in a future version since it now seems to be a common issue.

I have no idea on modsecurity but that looks to me that the redirect to the admin panel has triggered the block.
marc3
Registered User
Posts: 2
Joined: Sun Dec 12, 2021 11:58 pm

Re: ModSecurity 3 prevents ACP

Post by marc3 »

Hi,

You can (temporary) solve the problem editing the code with browser Developer Tools.

Simply change this line:
Captura de pantalla 2024-03-06 a les 11.58.23.png
change "./../" with your domain:
Captura de pantalla 2024-03-06 a les 11.58.41.png


Regards,
You do not have the required permissions to view the files attached to this post.
Vauxi
Registered User
Posts: 18
Joined: Sat Apr 16, 2022 11:19 am

Re: ModSecurity 3 prevents ACP

Post by Vauxi »

Mod Security 3 is back online and do not prevent ACP anymore. There were rule that was edited by the host of the host. :D

Return to “[3.3.x] Support Forum”