store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Dec 21, 2014 6:14 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: How to disable a rule that matches no rule number in waf?
Unread postPosted: Tue Oct 23, 2012 4:57 pm 
Offline
New Forum User
New Forum User

Joined: Tue Oct 23, 2012 4:31 pm
Posts: 2
Location: Here
Complete ASL newb here and need a little help.

ASL is blocking part of my cgi script with this rule but when I search for rule 60118 in WAF it comes up empty. Can anyone tell me how I disable this rule so my cgi works properly?

Here is the alert I get when I try to use my ubr uploader script.

Rule: 60118 fired (level 7) -> "Access attempt blocked by Mod Security."
[403] [/20121023/20121023-1159/20121023-115940-iw8G6lURVx4AAHnnVnUAAAAC] [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "2873"] [id "393134"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "/test\\.f?cgi" at REQUEST_URI.


Top
 Profile  
 
 Post subject: Re: How to disable a rule that matches no rule number in waf
Unread postPosted: Wed Oct 24, 2012 12:15 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3680
Location: Chantilly, VA
Thanks for the question. The rule id for this event is 393134:

Rule: 60118 fired (level 7) -> "Access attempt blocked by Mod Security."
[403] [/20121023/20121023-1159/20121023-115940-iw8G6lURVx4AAHnnVnUAAAAC] [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "2873"] [id "393134"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "/test\\.f?cgi" at REQUEST_URI.

The best way to do change rules is to log into the ASL gui, click on the event, and then click Manage Rule which will open that rules settings directly.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: How to disable a rule that matches no rule number in waf
Unread postPosted: Fri Nov 02, 2012 9:35 am 
Offline
New Forum User
New Forum User

Joined: Tue Oct 23, 2012 4:31 pm
Posts: 2
Location: Here
Thanks. That Rule: 60118 had me guessing. I'll take a look.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group