ISPConfig3 with mod_security

Discussion in 'General' started by Hans, Nov 6, 2014.

  1. Hans

    Hans Moderator ISPConfig Developer

    I've setup a new ISPConfig3 3.0.5 SP5 server with Apache mod_security as well.
    mod_security has been setup according this howto:
    After a succesful installation of mod_security, all websites are still up and running, which is nice.
    But...i am unable to access the ISPConfig webpage.
    Instead of the ISPConfig3 logon screen i see an error message with a warning that i am not allowed to enter the index.php page.
    What could be the reason and how can i solve this?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    do you see in apache error.log, which mod_security rule triggered this? If yes, then you can whitelist the rule for the ispconfig vhost or install directory.
     
  3. Hans

    Hans Moderator ISPConfig Developer

    Hi Till,

    In the mean time i found the rule which was causing this.
    I created the file /etc/modsecurity/modsecurity_crs_99_whitelist.conf and added:

    SecRuleRemoveById <RuleID>

    Now i can enter ISPConfig3 again.
     

Share This Page