403 Forbidden after installing Mod_security

Posted November 3, 2013 32.9k views
Hi, I installed Mod_security on Ubuntu 12.04 x32 following this tutorial: and now I receive 403 Forbidden error on every page/folder on my website: You don't have permission to access / on this server You don't have permission to access /phpmyadmin on this server I created /etc/modsecurity/modsecurity_custom_rules.conf and I could probably add custom rule for every specific case i.e. SecRuleEngine Off but is there a simpler way to add more general rules? Also is it normal after installing Mod_security to get blocked completely or I did something wrong during the installation? Thanks in advance

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
9 answers
Copy from the apache2/modsec_audit.log:

Message: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."]
Action: Intercepted (phase 1)
Stopwatch: 1383499867684968 2258 (- - -)
Stopwatch2: 1383499867684968 2258; combined=634, p1=407, p2=0, p3=0, p4=0, p5=177, sr=109, sw=50, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.6.3 (; OWASP_CRS/2.2.5; core ruleset/2.2.0.
Server: Apache/2.2.22 (Ubuntu)
WebApp-Info: "default" "ljo70mlrrc3rc9fh8ishmfjhu4" ""
Try clearing your cookies and see if that fixes it.
Thank you Kamal.
Tried, unfortunately it doesn't work:

You don't have permission to access / on this server.
Try disabling the experimental routes.
I don't think I have any experimental routes enabled. I did very few changes in /etc/modsecurity/modsecurity.conf (I.e. SecRuleEngine On; SecResponseBodyAccess Off)
apache2/error.log is full with this crap:

ModSecurity: Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash"$
you get? Good .. I had this problem installing zpanel with apache2 .. and I only comment on the .. / etc/apache2/apache2.conf, al the virtual host worked nicely

OS: Ubuntu 12 LTS
check the status of SELinux

# vi /etc/selinux/config
# SELINUX=disabled -> SELINUX=enforcing
save & exit
# setenforce 0

It will be fine!