[Owasp-modsecurity-core-rule-set] phpmyadmin usage via localhost interface through mod_security

Jason Brooks jason at mi-squared.com
Sat Oct 30 11:34:35 EDT 2010


Hello,

I need to solve this problem, but don't quite grok the mod_security  
rules yet.  I am running CRS 2.0.5.

I have enabled phpmyadmin only via the localhost interface 127.0.0.1.   
That way the tool may only be used after port-forwarding through ssh.   
My trouble is that I get the messsge "You don't have permission to  
access /ppc/openemr/phpmyadmin/tbl_change.php on this server.".

I am fairly certain this message is correct: the selection I make in  
phpmyadmin is indeed embedding sql into the request.  However, the  
solutions I find through google pretty much entirely disable sql  
injection checking.  I don't want this.

I would like to simply disable sql injection checking for web server  
access via the localhost port.  Can anyone point me in the correct  
direction?

I really appreciate your help in advance.

--jason




More information about the Owasp-modsecurity-core-rule-set mailing list