Mod Security configuration through .htaccess
396 views
Skip to first unread message
Olwen Williams
Sep 12, 2013, 9:53:07 PM9/12/13
to nzp...@googlegroups.com
A site I work on has recently had sever changes made including something to do with .htaccess
The maximum number of arguments has been set to 1000.
I use a $_POST variable with 18 fields but 4 of those are arrays win 300+ fields. These are triggering mod_security and getting a 403 response.
Can anyone point me in the right directions to alter this through .htaccess to maybe 4000 arguments?
Ivan Kurnosov
Sep 12, 2013, 9:59:36 PM9/12/13
to nzp...@googlegroups.com
Any details in log?
mod_security should have a correspond log level that would allow to see all decisions it makes.
--
--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to nzp...@googlegroups.com
To unsubscribe, send email to
nzphpug+u...@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nzphpug+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
With best regards, Ivan Kurnosov
Jochen Daum
Sep 12, 2013, 10:00:51 PM9/12/13
to PHPUG
Hi,
normally its not mod_security but the suhosin extension, which comes
with most Debian flavours of PHP installations. See here:
http://www.hardened-php.net/suhosin/configuration.html
and check if you cam maybe try setting suhosin.post.max_vars to 4000?
Kind Regards,
Jochen
with most Debian flavours of PHP installations. See here:
http://www.hardened-php.net/suhosin/configuration.html
and check if you cam maybe try setting suhosin.post.max_vars to 4000?
Kind Regards,
Jochen
David Neilsen
Sep 12, 2013, 10:03:13 PM9/12/13
to nzp...@googlegroups.com
Also to note in 5.3.9+ there is max_input_vars (defaults to 1000) in the PHP core
Olwen Williams
Sep 12, 2013, 10:08:01 PM9/12/13
to nzp...@googlegroups.com
This was what I got from Digiweb after my IP address was blocked, but other people are getting the 403 error.
your IP was blocked by mod_security :
Chain num pkts bytes target prot opt in out source destination
DENYIN 143 1413 123K DROP all -- !lo * 203.173.161.241 0.0.0.0/0
DENYOUT 143 21 1532 DROP all -- * !lo 0.0.0.0/0 203.173.161.241
ip6tables:
Chain num pkts bytes target prot opt in out source destination
No matches found for 203.173.161.241 in ip6tables
csf.deny: 203.173.161.241 # lfd: (mod_security) mod_security triggered by 203.173.161.241 (NZ/New Zealand/UNASSIGNED.static.cust.vf.net.nz): 5 in the last 3600 secs - Wed Sep 11 13:17:01 2013
Here is detailed information:
2013-09-11 13:13:27 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:05 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:15 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:45 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:16:57 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
Chain num pkts bytes target prot opt in out source destination
DENYIN 143 1413 123K DROP all -- !lo * 203.173.161.241 0.0.0.0/0
DENYOUT 143 21 1532 DROP all -- * !lo 0.0.0.0/0 203.173.161.241
ip6tables:
Chain num pkts bytes target prot opt in out source destination
No matches found for 203.173.161.241 in ip6tables
csf.deny: 203.173.161.241 # lfd: (mod_security) mod_security triggered by 203.173.161.241 (NZ/New Zealand/UNASSIGNED.static.cust.vf.net.nz): 5 in the last 3600 secs - Wed Sep 11 13:17:01 2013
Here is detailed information:
2013-09-11 13:13:27 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:05 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:15 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:14:45 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
2013-09-11 13:16:57 203.173.161.241 /pantry/shop/agent_shopping_cart.php HTTP/1.1 www.prenzelpantry.co.nz Access denied with code 403 (phase 2). Match of "rx ((?:/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\\.cgi$|^/index\\.php/mageworx/customoptions_options|^/za/)" against "REQUEST_FILENAME" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "115"] [id "390707"] [rev "6"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)"] [severity "WARNING"] 403
DP
Sep 13, 2013, 12:26:49 AM9/13/13
to nzp...@googlegroups.com
On Friday, 13 September 2013 13:53:07 UTC+12, Olwen Williams wrote:
Can anyone point me in the right directions to alter this through .htaccess to maybe 4000 arguments?
It's been ages since mod_security directives cannot be overriden on .htaccess, (since version 2.5 if I recall correctly) only through Apache configuration files.
Mike Gielb
Nov 23, 2017, 5:02:42 PM11/23/17
to NZ PHP Users Group
Found the answer to this for my system a couple of weeks ago when my host migrated to new servers.
The solution for this is for your web host support to turn off modsec rule WAF 390707
"This rule sets a limit of 1000 arguments in a request. If this limit is too low for you, then either disable this rule for the domain or increase the limit"
The ISP techo had to make the change for me - can't do it with ini files or htaccess
Please refer to https://wiki.atomicorp.com/wiki/index.php/WAF_390707
Mike
The solution for this is for your web host support to turn off modsec rule WAF 390707
"This rule sets a limit of 1000 arguments in a request. If this limit is too low for you, then either disable this rule for the domain or increase the limit"
The ISP techo had to make the change for me - can't do it with ini files or htaccess
Please refer to https://wiki.atomicorp.com/wiki/index.php/WAF_390707
Mike
Reply all
Reply to author
Forward
0 new messages