Mod Security configuration through .htaccess

374 views
Skip to first unread message

Olwen Williams

unread,
Sep 12, 2013, 9:53:07 PM9/12/13
to nzp...@googlegroups.com
A site I work on has recently had sever changes made including something to do with .htaccess

The maximum number of arguments has been set to 1000. 

I use a $_POST variable with 18 fields but 4 of those are arrays win 300+ fields.  These are triggering mod_security and getting a 403 response.

Can anyone point me in the right directions to alter this through .htaccess to maybe 4000 arguments?

Ivan Kurnosov

unread,
Sep 12, 2013, 9:59:36 PM9/12/13
to nzp...@googlegroups.com
Any details in log?

mod_security should have a correspond log level that would allow to see all decisions it makes.


--
--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to nzp...@googlegroups.com
To unsubscribe, send email to
nzphpug+u...@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nzphpug+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



--
With best regards, Ivan Kurnosov

Jochen Daum

unread,
Sep 12, 2013, 10:00:51 PM9/12/13
to PHPUG
Hi,

On 13 September 2013 13:53, Olwen Williams <olwen.w...@gmail.com> wrote:
normally its not mod_security but the suhosin extension, which comes
with most Debian flavours of PHP installations. See here:
http://www.hardened-php.net/suhosin/configuration.html

and check if you cam maybe try setting suhosin.post.max_vars to 4000?

Kind Regards,

Jochen

David Neilsen

unread,
Sep 12, 2013, 10:03:13 PM9/12/13
to nzp...@googlegroups.com
Also to note in 5.3.9+ there is max_input_vars (defaults to 1000) in the PHP core



Olwen Williams

unread,
Sep 12, 2013, 10:08:01 PM9/12/13
to nzp...@googlegroups.com
This was what I got from Digiweb after my IP address was blocked, but other people are getting the 403 error.


your IP was blocked by mod_security :
Chain num pkts bytes target prot opt in out source destination 

DENYIN 143 1413 123K DROP all -- !lo * 203.173.161.241 0.0.0.0/0 

DENYOUT 143 21 1532 DROP all -- * !lo 0.0.0.0/0 203.173.161.241


ip6tables:

Chain num pkts bytes target prot opt in out source destination 
No matches found for 203.173.161.241 in ip6tables

csf.deny: 203.173.161.241 # lfd: (mod_security) mod_security triggered by 203.173.161.241 (NZ/New Zealand/UNASSIGNED.static.cust.vf.net.nz): 5 in the last 3600 secs - Wed Sep 11 13:17:01 2013

Here is detailed information:
2013-09-11 13:13:27 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:05 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:15 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:45 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:16:57 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403

DP

unread,
Sep 13, 2013, 12:26:49 AM9/13/13
to nzp...@googlegroups.com

On Friday, 13 September 2013 13:53:07 UTC+12, Olwen Williams wrote:


Can anyone point me in the right directions to alter this through .htaccess to maybe 4000 arguments?


It's been ages since mod_security directives cannot be overriden on .htaccess, (since version 2.5 if I recall correctly) only through Apache configuration files.

Mike Gielb

unread,
Nov 23, 2017, 5:02:42 PM11/23/17
to NZ PHP Users Group
Found the answer to this for my system a couple of weeks ago when my host migrated to new servers.

The solution for this is for your web host support to turn off modsec rule WAF 390707

"This rule sets a limit of 1000 arguments in a request. If this limit is too low for you, then either disable this rule for the domain or increase the limit"

The ISP techo had to make the change for me - can't do it with ini files or htaccess

Please refer to https://wiki.atomicorp.com/wiki/index.php/WAF_390707

Mike


Reply all
Reply to author
Forward
0 new messages