On Wed, Jun 5, 2013 at 9:19 AM, Aniyan Rajan <aniyan.raj...@gmail.com> wrote:
> Hello CRS Users,
>
> I have installed CRS Version 2.2.5 in my server. I am using Modsecurity
> 2.5.12 from Debian/squeeze. I have iRedMail installed in my server.
>
> When I click the login button from the iRedAdmin webpage
> (www.mydomain.org/iredadmin), I am getting a Forbidden webpage with the
> following details:
>
>> Forbidden
>> You don't have permission to access /iredadmin/login on this server.
>> Apache Server at www.mydomain.org Port 443
>
> I checked the modsecurity_audit.log and it shows the following. I found
> that if I remove the following 3 rules in
> base_rules/modsecurity_crs_30_http_policy.conf, the problem will be solved.
> But how can I allow (whitelist) the iredadmin webpage alone, without
> completely removing the following rules? I feel that this will be a better
> fix. Thanks.

Hi Aniyan,

Editing the CRS rules directly is not recommended as it makes upgrading the
rules much harder. Furthermore, it's probably a good idea to upgrade
ModSecurity to the latest version as there was recently a DoS related
vulnerability patched. Once you are running a more recent version, your
options for handling false positives become significantly more flexible as
well, see:

http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html

On ModSec 2.5.12, you can simply white-list the offending rule/s by including
something like the following *before* you include the offending CRS rules.

    <Location /iredadmin/login>
        SecRuleRemoveById 960010
    </Location>

-- 
- Josh
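The scoped exception from the reply, as an added example that is neither Josh's nor the CRS project's own configuration: it shows where the <Location> block sits relative to the CRS Include lines and, for comparison, the runtime form that the linked exception-handling post describes. The Include paths and the local rule id 1000001 are assumptions; only rule 960010 and the /iredadmin/login path come from the thread.

```apache
# Added example: an Apache vhost fragment for the case in the thread.
# The goal is to scope the CRS exception to the one URL that trips the
# rule instead of disabling the rule for the whole server.
<VirtualHost *:443>
    ServerName www.mydomain.org

    # Option A (ModSecurity 2.5.x, as in the reply): remove the inherited
    # CRS rule only inside the /iredadmin/login context. The <Location>
    # block may precede the CRS Include lines; Apache merges it into the
    # per-path context after the server-level rules have been loaded.
    # Any further ids taken from the audit log go on the same line,
    # space separated; none are assumed here.
    <Location /iredadmin/login>
        SecRuleRemoveById 960010
    </Location>

    # Option B (the runtime form covered by the linked exception-handling
    # post): a phase-1 rule that drops the CRS rule for this transaction
    # only when the request URI is the login page. The id 1000001 is a
    # placeholder from a local range; it must not collide with CRS ids.
    SecRule REQUEST_URI "@beginsWith /iredadmin/login" \
        "id:1000001,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=960010"

    # The CRS files themselves stay untouched, so a CRS upgrade does not
    # overwrite the exception. Paths are assumed; adjust to the install.
    Include /etc/modsecurity/modsecurity_crs_10_setup.conf
    Include /etc/modsecurity/base_rules/*.conf

    # Over-broad alternative to avoid: a bare "SecRuleRemoveById 960010"
    # at this level (outside <Location>) silences the rule for every URL
    # on the vhost, not just the one producing the false positive.
</VirtualHost>
```

Use whichever option matches the installed ModSecurity version; after a change, confirm with the audit log that the rule no longer fires for the login URL but still fires elsewhere.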
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set