[Owasp-modsecurity-core-rule-set] phpmyadmin usage via localhost interface through mod_security
jason at mi-squared.com
Sat Oct 30 11:34:35 EDT 2010
I need to solve this problem, but don't quite grok the mod_security
rules yet. I am running CRS 2.0.5.
I have enabled phpmyadmin only via the localhost interface 127.0.0.1.
That way the tool may only be used after port-forwarding through ssh.
My trouble is that I get the messsge "You don't have permission to
access /ppc/openemr/phpmyadmin/tbl_change.php on this server.".
I am fairly certain this message is correct: the selection I make in
phpmyadmin is indeed embedding sql into the request. However, the
solutions I find through google pretty much entirely disable sql
injection checking. I don't want this.
I would like to simply disable sql injection checking for web server
access via the localhost port. Can anyone point me in the correct
I really appreciate your help in advance.
More information about the Owasp-modsecurity-core-rule-set