Bad Request caused by modsecurity core rules

today a user tried to import (upload) a mysql database using phpmyadmin. an error like this showed up:

Bad Request
Your browser sent a request that this server could not understand

i checked the apache’s error log file and found some lines indicating that it had something to do with modsecurity. those lines had REQBODY_PROCESSOR_ERROR in them, so i checked the modsecurity configuration files:

$ grep REQBODY_PROCESSOR_ERROR modsecurity*conf

the search found it in the modsecurity_crs_20_protocol_violations.conf file, so i did:

$ vi modsecurity_crs_20_protocol_violations.conf

and found a rule like this :

SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "t:none,deny,log,auditlog,status:400,msg:'Invalid request body',id:'960912',severity:'2'"

i then read the modsecurity reference and found the answer: deny can be changed to pass to continue processing with the next rule. so i changed deny to pass, saved the file and exited. i restarted apache to make the change take effect and then tested it. no error, the import process was successful.
but i will have to change it back to deny again as soon as the guy finishes his database import.
i think this case applies not only to phpmyadmin but also to any application that requires uploading.
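
An added example, not from the original post: a Python sketch that pulls the rule id, URI and action out of ModSecurity lines in the Apache error log, so the rule behind a 400 can be identified and a rule left on pass can be spotted afterwards. The sample log lines are constructed (ModSecurity 2.x error-log layout assumed; client, hostname, directory, line number and URI are made up) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x Apache error-log layout
# (client address, hostname, directory, line number and URI are made up).
SAMPLE_LOG = """\
[Tue Mar 03 10:15:02 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_PROCESSOR_ERROR" required. [file "/etc/modsecurity/modsecurity_crs_20_protocol_violations.conf"] [line "1"] [id "960912"] [msg "Invalid request body"] [severity "CRITICAL"] [hostname "db.example.test"] [uri "/phpmyadmin/import.php"]
[Tue Mar 03 10:15:09 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Tue Mar 03 10:16:40 2009] [error] [client 192.0.2.10] ModSecurity: Warning. Match of "eq 0" against "REQBODY_PROCESSOR_ERROR" required. [file "/etc/modsecurity/modsecurity_crs_20_protocol_violations.conf"] [line "1"] [id "960912"] [msg "Invalid request body"] [severity "CRITICAL"] [hostname "db.example.test"] [uri "/phpmyadmin/import.php"]
"""

# [name "value"] metadata fields appended to every ModSecurity log message
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# "Access denied with code N" = request blocked; "Warning" = logged only (e.g. pass)
ACTION = re.compile(r'ModSecurity: (Access denied with code (\d+)|Warning)')

def parse_line(line):
    """Return a dict for a ModSecurity error-log line, or None for other lines."""
    m = ACTION.search(line)
    if not m:
        return None
    event = dict(FIELD.findall(line[m.end():]))
    event["blocked"] = m.group(2) is not None
    event["status"] = int(m.group(2)) if m.group(2) else None
    return event

def summarize(log_text):
    """Count events per (rule id, uri, blocked) so the offending rule stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            counts[(ev.get("id"), ev.get("uri"), ev["blocked"])] += 1
    return counts

def still_in_pass_mode(log_text, rule_id):
    """True if the latest event for rule_id was logged without blocking,
    i.e. the rule still runs with pass and has not been set back to deny."""
    last = None
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev.get("id") == rule_id:
            last = ev
    return last is not None and not last["blocked"]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```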
