Mod_Security Blocking PHPMyAdmin

Discussion in 'Linux VPS - DirectAdmin' started by Celestial Lord, Feb 23, 2009.

  1. Celestial Lord

    Celestial Lord New Member

    I have Mod_Security installed, but it's blocking PHPMyAdmin for DirectAdmin users with a 500 error. What can I do to re-enable PHPMyAdmin?
  2. Internet54

    Internet54 New Member

    Try this in your config

    # allow phpmyadmin
    <Location /phpMyAdmin/>
    SecFilterInheritance Off
    <Location /phpmyadmin/>
    SecFilterInheritance Off
  3. Dan

    Dan Moderator

    Hello Celestial Lord,

    I believe the answer to your question is different depending on which version of mod_security you're using. I'm not familiar with version 1.x but am with 2.5.x.

    In 2.5.x I examine my audit log and when I find page requests being blocked I add an exclusion for that specific page and that specific rule rather than a global exclusion. Multiple rules can be excluded in the same block by separating with a comma.

    I created a file named modsecurity_crs_60_custom.conf in my mod_security conf directory and then added lines such as:
    #Rule to exclude such and such.
    <LocationMatch '^/page/to/exclude/example.php'>
    SecRuleRemoveById 950004,950006,950911,950801,950001
    Hope that helps!
  4. D.cramb

    D.cramb Guest

    I have mod_security installed on every machine I own - I wouldnt run a machine without it .

Share This Page