1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

mod security horde issue...

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by christleo, Dec 24, 2008.

  1. christleo

    christleo Guest

    0
     
    I've tried using my webmail and everytime i enter a invalid username/password i receive a page cannot be found....

    Thu Dec 25 15:04:45 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/"] [unique_id "n6BWo38AAAEAAF0nrZQAAAAF"]
    [Thu Dec 25 15:04:46 2008] [error] [client202.202.202.202] ModSecurity: Could not set variable "resource.alerted_960903_compression" as the collection does not exist. [hostname "webmail.xxxxxx.com"] [uri "/login.php"] [unique_id "n6Lycn8AAAEAAF0EoEYAAAAB"]
    [Thu Dec 25 15:04:46 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/login.php"] [unique_id "n6Lycn8AAAEAAF0EoEYAAAAB"]
    [Thu Dec 25 15:05:07 2008] [error] [client202.202.202.202] ModSecurity: Could not set variable "resource.alerted_960903_compression" as the collection does not exist. [hostname "webmail.xxxxxx.com"] [uri "/imp/redirect.php"] [unique_id "n-9DM38AAAEAAF1CsQoAAAAG"]
    [Thu Dec 25 15:05:07 2008] [error] [client202.202.202.202] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "webmail.xxxxxx.com"] [uri "/imp/redirect.php"] [unique_id "n-9DM38AAAEAAF1CsQoAAAAG"]


    I believe that modsecurity is preventing this....

    any idea how to disable or fix this issue?
     
  2. wsani

    wsani Silver Pleskian

    28
    40%
    Joined:
    Mar 4, 2005
    Messages:
    509
    Likes Received:
    0
    Are you running ASL or mod_security standalone?
     
  3. christleo

    christleo Guest

    0
     
    everything was default install...

    running in a virtuozzo plesk
     
  4. wsani

    wsani Silver Pleskian

    28
    40%
    Joined:
    Mar 4, 2005
    Messages:
    509
    Likes Received:
    0
    When you say default, you mean mod_security, right? I just want to be crystal clear on this. There are two solutions to this issue:

    1. Add the entire domain to the modsec exclude conf
    2. Disable the rule ID (960903) in modsec conf for the offending domain.
     
  5. christleo

    christleo Guest

    0
     
    /etc/httpd/conf.d/modsecurity_crs_10_config.conf
    /etc/httpd/conf.d/modsecurity_crs_20_protocol_violations.conf
    /etc/httpd/conf.d/modsecurity_crs_21_protocol_anomalies.conf
    /etc/httpd/conf.d/modsecurity_crs_30_http_policy.conf
    /etc/httpd/conf.d/modsecurity_crs_35_bad_robots.conf
    /etc/httpd/conf.d/modsecurity_crs_40_generic_attacks.conf
    /etc/httpd/conf.d/modsecurity_crs_45_trojans.conf
    /etc/httpd/conf.d/modsecurity_crs_50_outbound.conf
    /etc/httpd/conf.d/modsecurity_crs_55_marketing.conf


    I do not have exclude .conf

    Here're all the modsecurity files
     
  6. mikegotroot

    mikegotroot Guest

    0
     
    You're using the generic core rules, you have to manually tune those for your system. Or you can use my rules which have already been tuned for Plesk:

    http://www.gotroot.com
     
Loading...