Hi, i set up a VPS using HowToForge's "The Perfect Server - Ubuntu 18.04" I followed all the steps correctly but at the end or when I try to run a PHP page I get the following message "You are not allowed to access the requested URL" the file's permissions are the same as in the index.html file. Can someone help me?
[Mon Sep 21 19:41:36.122345 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Rule 7f5f249a49e8 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "92"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.201695 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Warning. Pattern match "(?i)(?:supplied argument is not a valid MySQL|Column count doesn't match value count at row|mysql_fetch_array\\\\(\\\\)|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right ..." at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"] [line "376"] [id "951230"] [msg "mysql SQL Information Leakage"] [data "Matched Data: warning</td><td class=\\x22v\\x22>1</td><td class=\\x22v\\x22>1</td></tr>\\x0a</table>\\x0a<h2><a name=\\x22module_gettext\\x22>gettext</a></h2>\\x0a<table>\\x0a<tr><td class=\\x22e\\x22>GetText Support </td><td class=\\x22v\\x22>enabled </td></tr>\\x0a</table>\\x0a<h2><a name=\\x22module_hash\\x22>hash</a></h2>\\x0a<table>\\x0a<tr><td class=\\x22e\\x22>hash support </td><td class=\\x22v\\x22>enabled </td></tr>\\x0a<tr><td class=\\x22e\\x22>Hashing Engines </td><td class=\\x22v\\x22>md2 md4 md5 sha1 sha224 sha256 sha38..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "applic [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.207104 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Warning. Pattern match "(?iostgreSQL query failed:|pg_query\\\\(\\\\) \\\\[:|pg_exec\\\\(\\\\) \\\\[:|PostgreSQL.*ERROR|Warning.*pg_.*|valid PostgreSQL result|Npgsql\\\\.|PG::[a-zA-Z]*Error|Supplied argument is not a valid PostgreSQL .*? resource|Unable to connect to PostgreSQL server)" at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"] [line "402"] [id "951240"] [msg "postgres SQL Information Leakage"] [data "Matched Data: PostgreSQL</th><th>enabled</th></tr>\\x0a<tr><td class=\\x22e\\x22>PostgreSQL(libpq) Version </td><td class=\\x22v\\x22>10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) </td></tr>\\x0a<tr><td class=\\x22e\\x22>Module version </td><td class=\\x22v\\x22>7.2.24-0ubuntu0.18.04.6 </td></tr>\\x0a<tr><td class=\\x22e\\x22>Revision </td><td class=\\x22v\\x22> $Id: 9c5f356c77143981d2e905e276e439501fe0f419 $ </td></tr>\\x0a</table>\\x0a<h2><a name=\\x22module_pdo_sqlite\\x22>pdo_sqlite</a></h2>\\x0a<table>\\x0a<tr class=\\x22h\\x22>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "applicati [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.209049 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Rule 7f5f249469f0 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "433"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.212020 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Warning. Pattern match "(?i)(?:Sybase message:|Warning.*sybase.*|Sybase.*Server message.*)" at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"] [line "454"] [id "951260"] [msg "Sybase SQL Information Leakage"] [data "Matched Data: warning</td><td class=\\x22v\\x22>1</td><td class=\\x22v\\x22>1</td></tr>\\x0a</table>\\x0a<h2><a name=\\x22module_gettext\\x22>gettext</a></h2>\\x0a<table>\\x0a<tr><td class=\\x22e\\x22>GetText Support </td><td class=\\x22v\\x22>enabled </td></tr>\\x0a</table>\\x0a<h2><a name=\\x22module_hash\\x22>hash</a></h2>\\x0a<table>\\x0a<tr><td class=\\x22e\\x22>hash support </td><td class=\\x22v\\x22>enabled </td></tr>\\x0a<tr><td class=\\x22e\\x22>Hashing Engines </td><td class=\\x22v\\x22>md2 md4 md5 sha1 sha224 sha256 sha38..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-sybase"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/LEAKAGE/ERRORS_SQL"] [tag "CWE-209"] [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.231298 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TXutbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "76"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 15)"] [ver "OWASP_CRS/3.2.0"] [tag "anomaly-evaluation"] [hostname "vmi443458.contaboserver.net"] [uri "/info.php"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"] [Mon Sep 21 19:41:36.232446 2020] [:error] [pid 19506] [client 179.95.37.177:52922] [client 179.95.37.177] ModSecurity: Warning. Operator GE matched 4 at TXutbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "102"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 15): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.2.0"] [tag "event-correlation"] [hostname "vmi443458.contaboserver.net"] [uri "/error/403.html"] [unique_id "X2jl0KOHwwkdhqO3V3ryDgAAAAM"]
So there you go, you installed modsecurity (not part of the Perfect Server guide, fwiw) and it's blocking your requests. You might try increasing your PCRE limits, perhaps that's the only underlying issue you have.
Really the problem was the Mod_Security I removed and it worked. Does Mod_Security not work on Ubuntu 18.04? I have a VPN with Ubuntu 16.04 and I had no problem with Mod_Security. Thank you.
if it's correct configured, it should work. but i don't have many experiance with mod_security, because it causes more Problems than it helps
You can work on the mod_security config to make it usable if you want to. Start with configuring it to not block but only log, then watch the log as you use ISPConfig and it will tell you what rules are hitting, and you configure accordingly, eg. you might have to disable that rule for the vhost, or add a rule compensating for the matching one. I started working on a config under Debian a couple years back but never finished taking it to full blocking mode in production; it does take some work to get it there.
