How to exclude this rule in mod security?

skooboy

Active Member
#1
I'm trying to run a SQL query in an admin panel of Invision Power Board and got a 500 Internal Server Error. This is from error_log:


2015-02-03 21:52:39.246 NOTICE [98.116.x.x:60856-0#APVH_forum.website] mod_security rule triggered!

[Tue Feb 3 21:52:39 2015] [error] [client 98.116.x.x] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)'] [id "300016"] [msg "Generic SQL injection protection"]

2015-02-03 21:52:39.246 NOTICE [98.116.x.x:60856-0#APVH_forum.website] Content len: 124, Request line: 'POST /admin/index.php?adsess=d9f0bdffasfsa02200222&app=core&module=sql&section=toolbox HTTP/1.1'
2015-02-03 21:57:07.414 NOTICE [98.116.x.x:60962-0#APVH_forum.website] mod_security rule triggered!

[Tue Feb 3 21:57:07 2015] [error] [client 98.116.x.x] ModSecurity: Access denied with code 500, [Rule: 'ARGS' '(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)'] [id "300016"] [msg "Generic SQL injection protection"]

2015-02-03 21:57:07.414 NOTICE [98.116.x.x:60962-0#APVH_forum.website] Content len: 134, Request line: 'POST /admin/index.php?adsess=d9f0bdffasfsa02200222&app=core&module=sql&section=toolbox HTTP/1.1'

How can I add it to the exclude/whitelist of ModSecurity? Thanks.
 

NiteWave

Administrator
#2
The rule id is 300016.

Grep the mod_security rules and comment out this rule.
The rules should be under /usr/local/apache/conf/modsec/ if it's WHM/cPanel.
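
The procedure from the answer above, as an added example that is not part of the original thread: find the file that defines rule id 300016, back it up, and comment the rule out, including any backslash-continued lines. The function names and the sample rule syntax are assumptions made for illustration; commenting the rule out disables it for every site that loads the file, not only for the admin panel.

```shell
#!/bin/sh
# Added example. The rule syntax in make_sample_rules is constructed; only the
# id (300016) and the message text come from the log in the question.

# Write a constructed rules file into directory $1.
make_sample_rules() {
    cat > "$1/sample_rules.conf" <<'EOF'
# constructed sample rules
SecFilterSelective ARGS "(select.+from|union.+select)" \
    "id:300016,rev:1,msg:'Generic SQL injection protection'"
SecFilterSelective ARGS "example" "id:3000160,msg:'unrelated rule'"
EOF
}

# List the files under directory $1 that define rule id $2.
find_rule_files() {
    grep -rlE "id[^0-9A-Za-z]+$2([^0-9]|\$)" "$1"
}

# Comment out the rule with id $2 in file $1, including backslash-continued
# lines, after saving the original as $1.bak.
disable_rule() {
    cp -p "$1" "$1.bak" || return 1
    awk -v id="$2" '
        { buf[++n] = $0; logical = logical $0 }
        /\\$/ { next }    # rule continues on the next physical line
        {
            hit = (logical ~ ("id[^0-9A-Za-z]+" id "([^0-9]|$)")) && (buf[1] !~ /^[ \t]*#/)
            pre = hit ? "#" : ""
            for (i = 1; i <= n; i++) print pre buf[i]
            n = 0; logical = ""
        }
        END { for (i = 1; i <= n; i++) print buf[i] }
    ' "$1.bak" > "$1"
}

# Usage on a WHM/cPanel host (directory taken from the answer above):
#   for f in $(find_rule_files /usr/local/apache/conf/modsec 300016); do
#       disable_rule "$f" 300016
#   done
# then restart the web server so the edited rules are loaded.
```

The match requires a non-digit after the id, so a rule such as 3000160 is left untouched.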
 