2015-10-25, 03:56 PM
Though I would share this.
Will probably not be valid for people on shared hosting unless their host uses CWP.
My setup is CentOS 6.x with CWP
Problem found: getting a 403 error when trying to upload a new theme xml file
Went through some logs and turns out mod_security was to blame (the htaccess fix in the htaccess example does not work with modsec 2 as far as I'm aware)
So I went through the log files and found the rule ID(s) that appeared to have been violated.
I've removed unnecessary/exposing info
[id "960915"] being of importance here
To fix this, I added;
To the bottom of the rules file (typically here /usr/local/apache/conf/mod_sec_disabled_rules.conf)
The ## MyBB ## is not necessary, just to make it easier to understand the next time i look in that file.
Then restart the httpd/apache service and the rule came into force, everything seems fine now.
Also seems to think modifying a stylesheet through /admin/index.php?module=style-themes&action=edit_stylesheet&mode=advanced is an SQLi attempt, violating rule 981317, fix in the same way
edit; turns out it violates a few:
960915
981317
958011
973308
973335
973334
973347
950103
Will probably not be valid for people on shared hosting unless their host uses CWP.
My setup is CentOS 6.x with CWP
Problem found: getting a 403 error when trying to upload a new theme xml file
Went through some logs and turns out mod_security was to blame (the htaccess fix in the htaccess example does not work with modsec 2 as far as I'm aware)
So I went through the log files and found the rule ID(s) that appeared to have been violated.
I've removed unnecessary/exposing info
[Sun Oct 25 16:17:59 2015] [error] [client ##.##.##.###] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "219"] [id "960915"] [rev "1"] [msg "Multipart parser detected a possible unmatched boundary."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "mywebsite.url"] [uri "/admin/index.php"] [unique_id "###############"]
[id "960915"] being of importance here
To fix this, I added;
## MyBB ##
SecRuleRemoveById 960915
To the bottom of the rules file (typically here /usr/local/apache/conf/mod_sec_disabled_rules.conf)
The ## MyBB ## is not necessary, just to make it easier to understand the next time i look in that file.
Then restart the httpd/apache service and the rule came into force, everything seems fine now.
Also seems to think modifying a stylesheet through /admin/index.php?module=style-themes&action=edit_stylesheet&mode=advanced is an SQLi attempt, violating rule 981317, fix in the same way
edit; turns out it violates a few:
960915
981317
958011
973308
973335
973334
973347
950103