Mod_Security Blocking PHPMyAdmin

Celestial Lord

New Member
I have Mod_Security installed, but it's blocking PHPMyAdmin for DirectAdmin users with a 500 error. What can I do to re-enable PHPMyAdmin?
 
Try this in your config


# allow phpmyadmin
<Location /phpMyAdmin/>
SecFilterInheritance Off
</Location>
<Location /phpmyadmin/>
SecFilterInheritance Off
</Location>
 
Hello Celestial Lord,

I believe the answer to your question is different depending on which version of mod_security you're using. I'm not familiar with version 1.x but am with 2.5.x.

In 2.5.x I examine my audit log and when I find page requests being blocked I add an exclusion for that specific page and that specific rule rather than a global exclusion. Multiple rules can be excluded in the same block by separating with a comma.

I created a file named modsecurity_crs_60_custom.conf in my mod_security conf directory and then added lines such as:
Code:
#Rule to exclude such and such.
<LocationMatch '^/page/to/exclude/example.php'>
SecRuleRemoveById 950004,950006,950911,950801,950001
</LocationMatch>[code]

Hope that helps!
 
I have mod_security installed on every machine I own - I wouldnt run a machine without it .
 
Top