Bad Request caused by modsecurity core rules
today a user tried to import (upload) a mysql database using phpmydmin. an error like this showed up:
Bad Request
Your browser sent a request that this server could not understand
i cheked the apache’s error log file and found some lines indicating that it had something to do with modsecurity. those lines got REQBODY_PROCESSOR_ERROR in them so i checked modsecurity configuration files :
$ grep REQBODY_PROCESSOR_ERROR modsecurity*conf
the search found it in
modsecurity_crs_20_protocol_violations.conf file so i did :
$ vi modsecurity_crs_20_protocol_violations.conf
and found a rule like this :
SecRule REQBODY_PROCESSOR_ERROR “!@eq 0″ “t:none,deny,log,auditlog,status:400,msg:’Invalid request body’,,id:’960912′,severity:’2′”
i then red the modsecurity reference and found answer that deny can be changed with pass to continue processing with the next rule. so i changed deny with pass, saved the file and exit. restart apache to make the change take effect and then tested it. no error, the import process was success.
but i will have to change it back to deny again as soon as the guy finish his database import.
i think this case is not only for phpmyadmin but also any applications that requires uploading.
