faq:mod_security
Differences
This shows you the differences between two versions of the page.
faq:mod_security [2009-05-13 15:29] – 92.233.37.64 | faq:mod_security [2023-09-13 08:50] (current) – [Error on certain page content] 37.24.179.178 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Error on certain page content ====== | ====== Error on certain page content ====== | ||
- | :?: When certain code examples are entered on a page, the Server returns a "Error 403 -- Forbidden", | + | :?: When certain code examples are entered on a page, the Server returns a "Error 403 -- Forbidden", |
- | :!: This is usually a problem caused by overly-restrictive security policies set in the webserver (Usually | + | :!: This is usually a problem caused by overly-restrictive security policies set in the webserver (usually |
- | There is no way to fix this in DokuWiki, because it is not a problem caused by DokuWiki itself. You need to check your webserver audit logs to identify the problematic rule and disable it. | + | There is no way to fix this in DokuWiki, because it is not a problem caused by DokuWiki itself. You need to check your webserver |
Commonly problematic words are parts of SQL statements, mail or UNIX commands like: | Commonly problematic words are parts of SQL statements, mail or UNIX commands like: | ||
Line 11: | Line 11: | ||
* select ... from | * select ... from | ||
* drop ... | * drop ... | ||
+ | * having ... | ||
* to: ... | * to: ... | ||
* wget ... | * wget ... | ||
+ | * /etc/ ... | ||
Sometimes the problem also occurs when certain parameters are passed in the URL, especially when they contain external URLs like when using external images that are loaded from DokuWiki' | Sometimes the problem also occurs when certain parameters are passed in the URL, especially when they contain external URLs like when using external images that are loaded from DokuWiki' | ||
+ | ===== Less-secure resolutions ===== | ||
+ | |||
+ | On Apache, '' | ||
+ | < | ||
+ | SecFilterEngine Off | ||
+ | SecFilterScanPOST Off | ||
+ | </ | ||
+ | | ||
+ | < | ||
+ | SecRuleEngine Off | ||
+ | </ | ||
+ | |||
+ | --[[chris@thefreyers.net|Chris Freyer]] 7/23/09 | ||
+ | |||
+ | This could be a trade off between security and usability, although it is completely possible to have your DokuWiki work with mod_security, | ||
+ | |||
+ | On Apache2, you can disable mod_security for a specific path inside the VirtualHost block inside your site files (for instance, in / | ||
+ | |||
+ | // / | ||
+ | // Rather than using .htaccess for the entire domain. | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | However, this means that for any undiscovered vulnerabilities in DokuWiki, mod_security will do nothing to prevent them from being exploited, which is not recommended security practice. For those who wish to maintain security of their installation, | ||
+ | |||
+ | ===== Other Solution ===== | ||
+ | |||
+ | In some cases it is not allowed to disable the '' | ||
+ | * Rule 340009: \\ ModSecurity: | ||
+ | |||
+ | * Rule 300001: \\ ModSecurity: | ||
+ | |||
+ | |||
+ | ===== A rule in mod_security ===== | ||
+ | |||
+ | Not having worked on my wiki site for some months, my attempts to edit and then save produced the problem described above. | ||
+ | |||
+ | We had suspected that the rule being triggered was: | ||
+ | > Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post) . | ||
+ | |||
+ | Changing the setting on that one rule was done. A warning was given on removing mod_security: | ||
+ | > While many sites (such as forums) would need this rule enabled to prevent spamming on their forums and usually limit the number of urls a post can have, sites that have posts with a large number of links in them (like wikis) can easily trigger this rule and may need it disabled. | ||
+ | > Mod_security is m to the type of attack that the particular rule prevents, but disabling one rule is better then disabling all. | ||
+ | |||
+ | A little more problem determination gave a better solution. |
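Review bot: the new "Less-secure resolutions" section leads with `SecFilterEngine Off` / `SecRuleEngine Off`, which switches the whole engine off, while the narrower options this same hunk adds (the per-path exclusion inside the VirtualHost block, rule IDs 340009 and 300001 under "Other Solution", and the quoted advice that "disabling one rule is better then disabling all") only appear after it. Suggest reordering so the narrowest fix comes first: identify the rule ID from the audit log, exclude only that rule (ModSecurity 2.x provides `SecRuleRemoveById` for this) scoped to the DokuWiki path, and keep engine-off as the last resort with its trade-off stated right beside it. Smaller points in the same hunk: the quoted line "Mod_security is m to the type of attack" is garbled and "better then" should read "better than", and the final paragraph stops at "gave a better solution" without saying what that solution was, so the first-person account under "A rule in mod_security" needs its conclusion before it is useful as FAQ content.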
faq/mod_security.1242221388.txt.gz · Last modified: 2009-07-23 21:54 (external edit)