Posted by: Hartoto | 10/12/2015

Fixing the 403 Forbidden Error in phpMyAdmin on CentOS Web Panel

Case

403 Forbidden
You don't have permission to access /phpMyAdmin/import.php on this server.

Cause

This happens because the security module (mod_security, running the OWASP Core Rule Set) is enabled. One of its SQL injection rules matches the double quote that phpMyAdmin sends in the csv_enclosed parameter of a CSV import (the field-enclosure character, `"` by default), treats the request as an injection probe and blocks it with a 403. It is a false positive, not an attack.

Solution

1. Look at the security module's log in CWP: server:2030/index.php?module=mod_security

You will find an entry like the one below:

[Mon Oct 12 12:30:22 2015] [error] [client 101.203.168.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:csv_enclosed. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:csv_enclosed: \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "xxx.xxx.xxx.xxx"] [uri "/phpmyadmin/import.php"] [unique_id "VhtvnnVnQPIAAAPrGt4AAAAA"]
Note the rule ID, [id "981318"], and the matched target, ARGS:csv_enclosed.

2. Open mod_sec_disabled_rules.conf in the CWP file editor:
server:2030/index.php?module=file_editor&file=/usr/local/apache/conf/mod_sec_disabled_rules.conf

3. Add a SecRuleRemoveById line for the ID found in the log, with the syntax below. Find every ID that causes the error and exclude it; the IDs listed here are the ones that commonly trip on phpMyAdmin. A SecRuleRemoveById in this file applies at server scope, so it disables the rule for every site Apache serves, not only for phpMyAdmin: add only the IDs that actually appear in the log.

## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 960915
SecRuleRemoveById 970013
SecRuleRemoveById 981318
SecRuleRemoveById 981001

4. Restart Apache (the command is lowercase):
service httpd restart
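The procedure above reads the log by hand and then disables the rule for the whole server. The script below is an added example (it is not from the post and not part of CWP) that automates steps 1 and 3 and goes one step further than the post: it parses the ModSecurity "Access denied" lines from the Apache error log and emits exclusions limited to the phpMyAdmin path, using SecRuleUpdateTargetById (ModSecurity 2.6 and later) to exclude only the offending argument so the rule keeps protecting everything else. The first log line is the post's own entry with the client IP replaced by a documentation address; the other three log lines, the client addresses and the function names are constructed for this example. The file paths are the CWP paths named in the post.

```shell
#!/bin/sh
# Added example, not part of the original post or of CWP: turn ModSecurity
# "Access denied" lines into exclusions scoped to /phpmyadmin/ instead of
# the server-wide SecRuleRemoveById used in the post.
set -eu

# Constructed error-log excerpt. Line 1 is the post's entry with the client
# IP replaced; lines 2-4 are invented hits on the same rule (981318) so the
# script has duplicates, a mixed-case path and a non-phpMyAdmin hit to handle.
LOGFILE=$(mktemp)
trap 'rm -f "$LOGFILE"' EXIT
cat > "$LOGFILE" <<'EOF'
[Mon Oct 12 12:30:22 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:csv_enclosed. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:csv_enclosed: \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "xxx.xxx.xxx.xxx"] [uri "/phpmyadmin/import.php"] [unique_id "VhtvnnVnQPIAAAPrGt4AAAAA"]
[Mon Oct 12 12:31:05 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:csv_escaped. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [uri "/phpmyadmin/import.php"] [unique_id "constructed-2"]
[Mon Oct 12 12:32:40 2015] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [uri "/index.php"] [unique_id "constructed-3"]
[Mon Oct 12 12:33:12 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:csv_enclosed. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [uri "/phpMyAdmin/import.php"] [unique_id "constructed-4"]
EOF

# Print one "RULE_ID TARGET URI" line per denial in the given error log.
# Only "Access denied" lines count: warnings from rules that merely log
# are not what produced the 403.
modsec_hits() {
  awk '/ModSecurity: Access denied/ {
    id = target = uri = "-"
    if (match($0, /\[id "[0-9]+"\]/))      id     = substr($0, RSTART + 5, RLENGTH - 7)
    if (match($0, / at [^ ]+\. \[file /))  target = substr($0, RSTART + 4, RLENGTH - 12)
    if (match($0, /\[uri "[^"]*"\]/))      uri    = substr($0, RSTART + 6, RLENGTH - 8)
    print id, target, uri
  }' "$1"
}

# Emit exclusions limited to the phpMyAdmin path (matched case-insensitively,
# since CWP serves it as both /phpmyadmin and /phpMyAdmin). For a hit on a
# request argument the rule keeps running and only that argument is excluded
# (SecRuleUpdateTargetById); for any other target the rule is removed, but
# still only under /phpmyadmin/. Repeated hits collapse to one line.
phpmyadmin_exclusions() {
  modsec_hits "$1" | awk '
    tolower($3) ~ /^\/phpmyadmin\// && $1 != "-" {
      if ($2 ~ /^ARGS:/) {
        line = sprintf("    SecRuleUpdateTargetById %s \"!%s\"", $1, $2)
      } else {
        line = sprintf("    SecRuleRemoveById %s", $1)
      }
      if (!seen[line]++) body = body line "\n"
    }
    END {
      if (body != "")
        printf "<LocationMatch \"(?i)^/phpmyadmin/\">\n%s</LocationMatch>\n", body
    }'
}

# Review the output, then paste it into
# /usr/local/apache/conf/mod_sec_disabled_rules.conf and run
# "service httpd restart". Both directives must come after the CRS rules
# have been loaded, which the post's SecRuleRemoveById lines already rely on.
phpmyadmin_exclusions "$LOGFILE"
```

On the sample above the script prints a single LocationMatch block excluding ARGS:csv_enclosed and ARGS:csv_escaped from rule 981318; the hit on /index.php is left alone, because a quote in a random front-end parameter is exactly what the rule exists to catch. Point modsec_hits at the real /usr/local/apache/logs/error_log to triage a live server.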
