
mod_security blocking webmail?

panaman

Guest
I have some clients that, when they send a message, get the following:

Forbidden
You don't have permission to access /horde/imp/compose.php on this server.
Apache Server at webmail.DOMAIN.net Port 80

I looked in my error log and it looks like my mod_security is blocking it for some people.... any ideas?

[Wed Aug 23 08:23:26 2006] [error] [client 66.42.219.172] mod_security: Access denied with code 403. Pattern match "cc:" at POST_PAYLOAD
[severity "EMERGENCY"] [hostname "webmail.DOMAIN.net"] [uri "/horde/imp/compose.php?uniq=75lmim1sakg0"]
 
I figured it out..
I needed to add an exclude list to my rules for mod_security.

# http://www.gotroot.com/mod_security+rules
# Gotroot.com ModSecurity rules
# Exclusion Rules
#
# Download from: http://www.gotroot.com/downloads/ftp/mod_security/exclude.conf
#
# Created by The Prometheus Group (http://www.prometheus-group.com)
# Commercial redistribution prohibited.
# Copyright 2005 and 2006, all rights reserved.
#
# modsecurity is a trademark of Thinking Stone, Ltd.
#
# IMPORTANT NOTE! These rules must be loaded FIRST in your rule orderset to override
# other rules. If you load them later, they will not work!
#
# Version: N-20060817-01
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.


###########################################
#Generic SQL injection rule exclusions
###########################################

#generic PHP forum posting exclusion
<LocationMatch "/posting.php">
SecFilterRemove 300013
</LocationMatch>

#PhpMyadmin
<LocationMatch "/tbl_change.php">
SecFilterRemove 300016
</LocationMatch>


#PhpBB posting
<LocationMatch "/index.php?name=PNphpBB2&file=posting&mode=reply.*">
SecFilterRemove 300013
</LocationMatch>

#Postnuke uploads
<LocationMatch "/modules.php?op=modload&name=Downloads.*">
SecFilterRemove 300013
</LocationMatch>

#Tikiwiki forum
<LocationMatch "/tiki-view_forum_thread.php">
SecFilterRemove 300013
</LocationMatch>

#Squirrel mail and Horde postings
<LocationMatch "/horde/imp/compose.php">
SecFilterRemove 300013
SecFilterRemove 300015
</LocationMatch>

#Phorum posting
<LocationMatch "/phorum/post.php">
SecFilterRemove 300013
</LocationMatch>

#Tikiwiki edit
<LocationMatch "/tiki-editpage.php">
SecFilterRemove 300013
</LocationMatch>

<LocationMatch "/misc.php">
SecFilterRemove 300013
</LocationMatch>

<LocationMatch "/forum/posting.php\?mode=.*">
SecFilterRemove 300016
</LocationMatch>

###########################################
#Double pipe exclusion rules
###########################################
<LocationMatch "/_vti_bin/fpcount.exe">
SecFilterRemove 300014
</LocationMatch>

###########################################
#Front page exclusions
###########################################
<LocationMatch "/_vti_bin/_vti_aut/author.exe">
SecFilterInheritance Off
</LocationMatch>

<Location /modules.php?name=Forums&file=posting>
SecFilterRemove 300016
</Location>

<Location /modules.php?name=Private_Messages&file=index>
SecFilterRemove 300016
</Location>

###########################################
#Mambo/Joomla exclusions
###########################################
<LocationMatch "/index.php">
SecFilterRemove 380000
SecFilterRemove 300013
</LocationMatch>
<LocationMatch "/administrator/index2.php">
SecFilterRemove 300013
SecFilterRemove 300016
SecFilterRemove 380000
SecFilterRemove 360001
</LocationMatch>
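
Before adding a per-path `SecFilterRemove` exclusion like the one for `/horde/imp/compose.php` above, it helps to see which paths and patterns mod_security is denying and for how many distinct clients. The following is an added example, not part of the original posts or the gotroot.com rule set: it parses error-log entries in the format quoted in the thread and groups the denials. The function names, the sample log lines, the `webmail.example.net` hostname and the `/contact/form.php` path are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the format of the entry quoted in the thread; client
# addresses are documentation ranges. The second entry is wrapped onto two lines.
SAMPLE_LOG = '''\
[Wed Aug 23 08:23:26 2006] [error] [client 192.0.2.10] mod_security: Access denied with code 403. Pattern match "cc:" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "webmail.example.net"] [uri "/horde/imp/compose.php?uniq=aaa111"]
[Wed Aug 23 08:25:02 2006] [error] [client 192.0.2.11] mod_security: Access denied with code 403. Pattern match "cc:" at POST_PAYLOAD
[severity "EMERGENCY"] [hostname "webmail.example.net"] [uri "/horde/imp/compose.php?uniq=bbb222"]
[Wed Aug 23 08:26:40 2006] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Wed Aug 23 08:31:17 2006] [error] [client 198.51.100.7] mod_security: Access denied with code 403. Pattern match "cc:" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "webmail.example.net"] [uri "/contact/form.php"]
'''

# A newline that is not followed by a "[Day Mon dd hh:mm:ss yyyy] " stamp
# is a wrapped continuation of the previous entry.
WRAP = re.compile(r'\n(?!\[\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\] )')
ENTRY = re.compile(r'\[client (?P<client>[^\]]+)\] mod_security: Access denied '
                   r'with code (?P<code>\d+)\. Pattern match "(?P<pattern>.*?)" '
                   r'at (?P<where>\S+)(?P<meta>.*)$')
META = re.compile(r'\[(\w+) "([^"]*)"\]')


def entries(text):
    """Return one string per log entry, rejoining entries wrapped over lines."""
    return WRAP.sub(' ', text.strip()).splitlines()


def parse(entry):
    """Return the fields of a mod_security denial, or None for other lines."""
    m = ENTRY.search(entry)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(META.findall(rec.pop('meta')))         # severity, hostname, uri
    rec['path'] = urlsplit(rec.get('uri', '')).path   # drop the ?uniq=... query
    return rec


def blocked_clients(text):
    """Map (path, pattern, where) -> set of distinct clients that were denied."""
    hits = defaultdict(set)
    for rec in filter(None, map(parse, entries(text))):
        hits[(rec['path'], rec['pattern'], rec['where'])].add(rec['client'])
    return dict(hits)


if __name__ == '__main__':
    for key, clients in sorted(blocked_clients(SAMPLE_LOG).items()):
        print(len(clients), 'client(s):', *key)
```

A path where the same pattern denies several ordinary users, as with `compose.php` in the sample, is the usual shape of a false positive; a key with a single client is worth reading in full before writing an exclusion for it.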
 