Question

403 Forbidden after installing Mod_security

Posted November 3, 2013 32.9k views
Hi, I installed Mod_security on Ubuntu 12.04 x32 following this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server and now I receive 403 Forbidden error on every page/folder on my website: You don't have permission to access / on this server You don't have permission to access /phpmyadmin on this server I created /etc/modsecurity/modsecurity_custom_rules.conf and I could probably add custom rule for every specific case i.e. SecRuleEngine Off but is there a simpler way to add more general rules? Also is it normal after installing Mod_security to get blocked completely or I did something wrong during the installation? Thanks in advance
Add a comment
info302118
By:
info302118

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
9 answers
info302118 November 3, 2013
Copy from the apache2/modsec_audit.log:

--37e37562-H--
Message: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."]
Action: Intercepted (phase 1)
Stopwatch: 1383499867684968 2258 (- - -)
Stopwatch2: 1383499867684968 2258; combined=634, p1=407, p2=0, p3=0, p4=0, p5=177, sr=109, sw=50, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.5; core ruleset/2.2.0.
Server: Apache/2.2.22 (Ubuntu)
WebApp-Info: "default" "ljo70mlrrc3rc9fh8ishmfjhu4" ""
Reply Report
kamaln7 November 3, 2013
Try clearing your cookies and see if that fixes it.
Reply Report
info302118 November 3, 2013
Thank you Kamal.
Tried, unfortunately it doesn't work:

Forbidden
You don't have permission to access / on this server.
Reply Report
kamaln7 November 3, 2013
Try disabling the experimental routes.
Reply Report
info302118 November 3, 2013
I don't think I have any experimental routes enabled. I did very few changes in /etc/modsecurity/modsecurity.conf (I.e. SecRuleEngine On; SecResponseBodyAccess Off)
Reply Report
info302118 November 3, 2013
Any other ideas guys?
Reply Report
info302118 November 3, 2013
apache2/error.log is full with this crap:

ModSecurity: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash"$
Reply Report
havennow March 6, 2014
you get? Good .. I had this problem installing zpanel with apache2 .. and I only comment on the .. / etc/apache2/apache2.conf, al the virtual host worked nicely

OS: Ubuntu 12 LTS
Reply Report
yiyang June 4, 2014
check the status of SELinux

# vi /etc/selinux/config
# SELINUX=disabled -> SELINUX=enforcing
save & exit
# setenforce 0

It will be fine!
Reply Report

Looking for something else?

Ask a new question Search for more help