faq:mod_security
Differences
This shows you the differences between two versions of the page.
faq:mod_security [2017-06-21 10:52] – Update for apache2 and clarification around security. 2.98.36.101 | faq:mod_security [2023-09-13 08:50] (current) – [Error on certain page content] 37.24.179.178 | ||
---|---|---|---|
Line 3: | Line 3: | ||
:?: When certain code examples are entered on a page, the Server returns a "Error 403 -- Forbidden", | :?: When certain code examples are entered on a page, the Server returns a "Error 403 -- Forbidden", | ||
- | :!: This is usually a problem caused by overly-restrictive security policies set in the webserver (usually [[http:// | + | :!: This is usually a problem caused by overly-restrictive security policies set in the webserver (usually [[http:// |
- | There is no way to fix this in DokuWiki, because it is not a problem caused by DokuWiki itself. You need to check your webserver or application firewall audit logs to identify the problematic rule and disable it. | + | There is no way to fix this in DokuWiki, because it is not a problem caused by DokuWiki itself. You need to check your webserver or application firewall audit logs to identify the problematic rule and disable it (or notify your provider to do so). |
Commonly problematic words are parts of SQL statements, mail or UNIX commands like: | Commonly problematic words are parts of SQL statements, mail or UNIX commands like: | ||
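Review bot: The revised "check your webserver or application firewall audit logs" sentence still tells readers to disable the offending rule without saying at what scope, and the new "(or notify your provider to do so)" clause inherits that gap. Suggest wording it as disabling only that rule, and only for the DokuWiki location, so the rule keeps applying to everything else on the server. ModSecurity 2.x supports this with SecRuleRemoveById inside a Directory or Location block.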
Line 11: | Line 11: | ||
* select ... from | * select ... from | ||
* drop ... | * drop ... | ||
+ | * having ... | ||
* to: ... | * to: ... | ||
* wget ... | * wget ... | ||
+ | * /etc/ ... | ||
Sometimes the problem also occurs when certain parameters are passed in the URL, especially when they contain external URLs like when using external images that are loaded from DokuWiki' | Sometimes the problem also occurs when certain parameters are passed in the URL, especially when they contain external URLs like when using external images that are loaded from DokuWiki' | ||
- | |||
===== Less-secure resolutions ===== | ===== Less-secure resolutions ===== | ||
- | On apache, '' | + | |
- | SecFilterEngine Off | + | On Apache, '' |
- | SecFilterScanPOST Off | + | |
+ | | ||
+ | SecFilterScanPOST Off | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | SecRuleEngine Off | ||
+ | </ | ||
--[[chris@thefreyers.net|Chris Freyer]] 7/23/09 | --[[chris@thefreyers.net|Chris Freyer]] 7/23/09 | ||
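Review bot: The added SecRuleEngine Off block is inserted above the unchanged "--Chris Freyer 7/23/09" signature, so the new content now reads as part of his 2009 contribution. Move the signature so it directly follows the SecFilterEngine / SecFilterScanPOST block, or sign the new block separately. The visible lines also do not say which ModSecurity generation each block is for: the SecFilter* directives belong to ModSecurity 1.x and SecRuleEngine to 2.x, and a directive the loaded module does not recognise is a configuration error in Apache, so a one-line label beside each block would save readers from pasting the wrong one.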
Line 28: | Line 36: | ||
// / | // / | ||
- | // Rather than using .htaccess for the entire domain.. | + | // Rather than using .htaccess for the entire domain. |
< | < | ||
< | < | ||
- | SecRuleEngine Off | + | < |
+ | SecRuleEngine Off | ||
+ | </ | ||
</ | </ | ||
</ | </ | ||
However, this means that for any undiscovered vulnerabilities in DokuWiki, mod_security will do nothing to prevent them from being exploited, which is not recommended security practice. For those who wish to maintain security of their installation, | However, this means that for any undiscovered vulnerabilities in DokuWiki, mod_security will do nothing to prevent them from being exploited, which is not recommended security practice. For those who wish to maintain security of their installation, | ||
- | |||
- | |||
===== Other Solution ===== | ===== Other Solution ===== | ||
+ | |||
In some cases it is not allowed to disable the '' | In some cases it is not allowed to disable the '' | ||
* Rule 340009: \\ ModSecurity: | * Rule 340009: \\ ModSecurity: | ||
* Rule 300001: \\ ModSecurity: | * Rule 300001: \\ ModSecurity: | ||
+ | |||
===== A rule in mod_security ===== | ===== A rule in mod_security ===== | ||
+ | |||
Not having worked on my wiki site for some months, my attempts to edit and then save produced the problem described above. | Not having worked on my wiki site for some months, my attempts to edit and then save produced the problem described above. | ||
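Review bot: The engine-wide SecRuleEngine Off example is still presented ahead of the rule-specific approach under "Other Solution", even though the paragraph between them says disabling mod_security leaves undiscovered DokuWiki vulnerabilities unprotected and is not recommended practice. Consider moving the section that lists rules 340009 and 300001 above the engine-off example, so readers reach the narrower fix first. The heading "Other Solution" could also be renamed to say what it does, for example "Disabling individual rules".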
faq/mod_security.1498035179.txt.gz · Last modified: 2017-06-21 10:52 by 2.98.36.101