Results 1 to 2 of 2

Thread: mod-security and owncloud - 403 forbidden

  1. #1
    Join Date
    May 2010
    Location
    uk
    Beans
    9,374
    Distro
    Xubuntu 14.04 Trusty Tahr

    mod-security and owncloud - 403 forbidden

    Hi.

    I'm trying to set up owncloud on my test server.

    I have mod-security installed and i have configured owncloud.

    When i try to access owncloud, mod-security is blocking it with this error

    Code:
    server1:/var/log/apache2 % tail -f error.log
    
    [Sat May 04 20:39:13 2013] [error] [client 192.168.0.100] 
    ModSecurity: Access denied with code 403 (phase 1). 
    Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. 
    [file "/etc/modsecurity/activated_rules/modsecurity_crs_16_session_hijacking.conf"] 
    [line "35"] [id "981059"] 
    [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."] 
    [hostname "server1"] [uri "/owncloud/"] 
    [unique_id "UYVj4X8AAQEAAAeNDW0AAAAF"]
    It seems to think it's a session hijack. I could just disable the rule but i am loathed to do this.

    I have the core set rules installed

    Code:
    server1:/var/log/apache2 % dpkg -l | grep modsec
    ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                    Tighten web applications security for Apache
    ii  modsecurity-crs                      2.2.0-1                             modsecurity's Core Rule Set
    server1:/var/log/apache2 %
    I have no rules for iptables.
    Code:
    server1:/var/log/apache2 % sudo !!
    sudo iptables -L
    [sudo] password for matthew: 
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere            
    server1:/var/log/apache2 %
    If a disable mod-security then i can access the owncloud pages.

    Does anybody have an idea why this crs rule is forbidding me from accessing the pages ?

    Thanks in advance for any help.

    Kind regards
    Last edited by matt_symes; May 4th, 2013 at 08:52 PM.
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

    Thinking about becoming an Ubuntu Member?

  2. #2
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: mod-security and owncloud - 403 forbidden

    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •