how to allow phpMyAdmin on modsecurity_crs_41_sql_injection_attacks.conf

September 2, 2015 7.1k views
Ubuntu MySQL Apache PHP Security Networking Firewall System Tools Applications

hello, i have a problem.
  when I want to enter the phpMyAdmin database then appears forbidden on the browser. I know this because modsecuritycrs41sqlinjection_attacks.conf module sql block. so how can I allow phpMyAdmin and modules modsec only block extraneous files outside of the directory /usr/share/phpmyadmin ?

1 Answer

Turn off mod_security for PHPMyAdmin by adding the following in the virtual host file:

<Directory /usr/share/phpmyadmin>
SecRuleEngine Off
</Directory>
  • where is virtual host file, location ? whether in /etc/apache2/conf.d/phpmyadmin.conf?

  • i got fail, SecRuleEngine not works

    • Usually, the location depends on which Linux you run, or which server software in Windows. On Centos, it will be in /etc/httpd/conf.d/phpMyAdmin.conf

      This solution works (I just tested it on 3 servers I manage), but you have to place it in the correct file for your Apache server, and for the correct <Directory> within that. Don’t delete anything; add the SecRuleEngine to the top of <Directory>, before any of the other rules. You can also make it conditional on mod_security with an <IfModule> condition, so as not to upset Apache if you happen to remove it.

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!