[Owasp-modsecurity-core-rule-set] phpmyadmin usage via localhost interface through mod_security
jason at mi-squared.com
Sat Oct 30 11:40:51 EDT 2010
Now I feel silly: because this only addresses part of the problem.
The application I am running under apache ALSO has phpmyadmin embedded
in it. I need to also modify the CRS to allow direct phpmyadmin
access via the standard use of a web browser (not port forwarding)
So to clarify, it looks like I need two answers:
1) how to enable/disable some or all of CRS based on the incoming
interface, or ip address
2) how to enable/disable some or all of CRS based on the request url,
or the request path.
I have only searched the archives for #1. I will be searching for
#2. If there is already an answer to #2, I apologize in advance.
On Oct 30, 2010, at 8:34 AM, Jason Brooks wrote:
> I need to solve this problem, but don't quite grok the mod_security
> rules yet. I am running CRS 2.0.5.
> I have enabled phpmyadmin only via the localhost interface 127.0.0.1.
> That way the tool may only be used after port-forwarding through ssh.
> My trouble is that I get the messsge "You don't have permission to
> access /ppc/openemr/phpmyadmin/tbl_change.php on this server.".
> I am fairly certain this message is correct: the selection I make in
> phpmyadmin is indeed embedding sql into the request. However, the
> solutions I find through google pretty much entirely disable sql
> injection checking. I don't want this.
> I would like to simply disable sql injection checking for web server
> access via the localhost port. Can anyone point me in the correct
> I really appreciate your help in advance.
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
More information about the Owasp-modsecurity-core-rule-set