403 Forbidden after installing Mod_security

November 3, 2013 14.2k views
Hi, I installed Mod_security on Ubuntu 12.04 x32 following this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server and now I receive 403 Forbidden error on every page/folder on my website: You don't have permission to access / on this server You don't have permission to access /phpmyadmin on this server I created /etc/modsecurity/modsecurity_custom_rules.conf and I could probably add custom rule for every specific case i.e. SecRuleEngine Off but is there a simpler way to add more general rules? Also is it normal after installing Mod_security to get blocked completely or I did something wrong during the installation? Thanks in advance
9 Answers
Copy from the apache2/modsec_audit.log:

Message: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."]
Action: Intercepted (phase 1)
Stopwatch: 1383499867684968 2258 (- - -)
Stopwatch2: 1383499867684968 2258; combined=634, p1=407, p2=0, p3=0, p4=0, p5=177, sr=109, sw=50, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.5; core ruleset/2.2.0.
Server: Apache/2.2.22 (Ubuntu)
WebApp-Info: "default" "ljo70mlrrc3rc9fh8ishmfjhu4" ""
Try clearing your cookies and see if that fixes it.
Thank you Kamal.
Tried, unfortunately it doesn't work:

You don't have permission to access / on this server.
Try disabling the experimental routes.
I don't think I have any experimental routes enabled. I did very few changes in /etc/modsecurity/modsecurity.conf (I.e. SecRuleEngine On; SecResponseBodyAccess Off)
apache2/error.log is full with this crap:

ModSecurity: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash"$
you get? Good .. I had this problem installing zpanel with apache2 .. and I only comment on the .. / etc/apache2/apache2.conf, al the virtual host worked nicely

OS: Ubuntu 12 LTS
check the status of SELinux

# vi /etc/selinux/config
# SELINUX=disabled -> SELINUX=enforcing
save & exit
# setenforce 0

It will be fine!
Have another answer? Share your knowledge.