Apologies. Posted about this issue some time ago with specifics, or "sorta"
specifics. Basically any attempt to edit an existing setting like queues,
notifications, etc gets a 403 access denied error. Front end appears to work
fine. I have disabled mod_security for the OTRS virtual servers for the time
being.
OTRS version is 3.0.7
Here's my mod_security recipe
<IfModule mod_security2.c>
# This is the ModSecurity Core Rules Set.
# Basic configuration goes in here
Include modsecurity.d/*.conf
Include modsecurity.d/base_rules/*.conf
# Additional items taken from new minimal modsecurity conf
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
# PCRE Tuning
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
# Handling of file uploads
# TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/
SecUploadKeepFiles Off
SecUploadFileLimit 10
# Debug log
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
# Serial audit log
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog /var/log/httpd/modsec_audit.log
# Set Data Directory
SecDataDir /var/log/httpd/
# Maximum request body size we will
# accept for buffering
SecRequestBodyLimit 131072
# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072
# Buffer response bodies of up to
# 512 KB in length
SecResponseBodyLimit 524288
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_SEMICOLON_MISSING}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary?
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched
boundary.'"
# Some internal errors will set flags in TX and we will need to look for these.
# All of these are prefixed with "MSC_". The following flags currently exist:
#
# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
#
SecRule TX:/^MSC_/ "!@streq 0" \
"phase:2,t:none,deny,msg:'ModSecurity internal error flagged:
%{MATCHED_VAR_NAME}'"
# Local rules
Include modsecurity.d/modsecurity_localrules.conf
</IfModule>
----- Original Message -----
From: "Gerald Young" <[email protected]>
To: "User questions and discussions about OTRS." <[email protected]>
Sent: Monday, August 29, 2011 10:02:47 AM
Subject: Re: [otrs] mod_security configuration
What is your current mod_security recipe?
http://www.howtoforge.com/apache_mod_security_p2
I don't have mod_security implemented, but if you give us a bit more than
"various parts of the admin interface are blocked" someone might be able to
assist. It's very possible that certain keywords are blocked. You also haven't
told us what version (?) of OTRS you're using.
On Mon, Aug 29, 2011 at 12:05 PM, Ralf Hildebrandt <
[email protected] > wrote:
* Jefferson Davis < [email protected] >:
> Nothing???? Really???? No one has successfully used mod_securty with OTRS?
Well, why not look at the logs to see what is blocked and why?
(no, Im'm not running mod_security on my OTRS box)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
[email protected] | http://www.charite.de
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
