how to allow phpMyAdmin on modsecurity_crs_41_sql_injection_attacks.conf

September 2, 2015 7.1k views
Ubuntu MySQL Apache PHP Security Networking Firewall System Tools Applications
dzikriyana
By:
dzikriyana

hello, i have a problem.
  when I want to enter the phpMyAdmin database then appears forbidden on the browser. I know this because modsecuritycrs41sqlinjection_attacks.conf module sql block. so how can I allow phpMyAdmin and modules modsec only block extraneous files outside of the directory /usr/share/phpmyadmin ?

Sign In to Comment
1 Answer
jesin September 7, 2015

Turn off mod_security for PHPMyAdmin by adding the following in the virtual host file:

<Directory /usr/share/phpmyadmin>
SecRuleEngine Off
</Directory>
Report
  • dzikriyana September 9, 2015

    where is virtual host file, location ? whether in /etc/apache2/conf.d/phpmyadmin.conf?

    Report
  • dzikriyana September 10, 2015

    i got fail, SecRuleEngine not works

    Report
    • jediganesh July 17, 2019

      Usually, the location depends on which Linux you run, or which server software in Windows. On Centos, it will be in /etc/httpd/conf.d/phpMyAdmin.conf

      This solution works (I just tested it on 3 servers I manage), but you have to place it in the correct file for your Apache server, and for the correct <Directory> within that. Don’t delete anything; add the SecRuleEngine to the top of <Directory>, before any of the other rules. You can also make it conditional on mod_security with an <IfModule> condition, so as not to upset Apache if you happen to remove it.

      Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related