how to allow phpMyAdmin on modsecurity_crs_41_sql_injection_attacks.conf

Question

hello, i have a problem.
when I want to enter the phpMyAdmin database then appears forbidden on the browser. I know this because modsecuritycrs41sqlinjection_attacks.conf module sql block. so how can I allow phpMyAdmin and modules modsec only block extraneous files outside of the directory /usr/share/phpmyadmin ?

Answer 1

jesin September 7, 2015

Turn off mod_security for PHPMyAdmin by adding the following in the virtual host file:

<Directory /usr/share/phpmyadmin>
SecRuleEngine Off
</Directory>

Reply Report

dzikriyana September 9, 2015

where is virtual host file, location ? whether in /etc/apache2/conf.d/phpmyadmin.conf?
Reply Report
- jesin September 15, 2015
  
  Look for the file at /etc/phpmyadmin/apache.conf.
  
  Reply Report
dzikriyana September 10, 2015

i got fail, SecRuleEngine not works
Reply Report
- jediganesh July 17, 2019
  
  Usually, the location depends on which Linux you run, or which server software in Windows. On Centos, it will be in /etc/httpd/conf.d/phpMyAdmin.conf
  
  This solution works (I just tested it on 3 servers I manage), but you have to place it in the correct file for your Apache server, and for the correct <Directory> within that. Don’t delete anything; add the SecRuleEngine to the top of <Directory>, before any of the other rules. You can also make it conditional on mod_security with an <IfModule> condition, so as not to upset Apache if you happen to remove it.
  
  Reply Report

Answer 2

dzikriyana September 9, 2015

where is virtual host file, location ? whether in /etc/apache2/conf.d/phpmyadmin.conf?
Reply Report
- jesin September 15, 2015
  
  Look for the file at /etc/phpmyadmin/apache.conf.
  
  Reply Report
dzikriyana September 10, 2015

i got fail, SecRuleEngine not works
Reply Report
- jediganesh July 17, 2019
  
  Usually, the location depends on which Linux you run, or which server software in Windows. On Centos, it will be in /etc/httpd/conf.d/phpMyAdmin.conf
  
  This solution works (I just tested it on 3 servers I manage), but you have to place it in the correct file for your Apache server, and for the correct <Directory> within that. Don’t delete anything; add the SecRuleEngine to the top of <Directory>, before any of the other rules. You can also make it conditional on mod_security with an <IfModule> condition, so as not to upset Apache if you happen to remove it.
  
  Reply Report

Related

Question

how to allow phpMyAdmin on modsecurity_crs_41_sql_injection_attacks.conf

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

how to allow phpMyAdmin on modsecurity_crs_41_sql_injection_attacks.conf

Leave a comment

Related

question

Can't install php-soap to my PHP 7.0 centos

question

cpu from 13% to 100% in one minute

question

PHP Error Log: authz_core:error - For files that don't exists on my server

question

Why are snapshots so slow

Looking for something else?