Topic: ModSecurity: Access denied with code 500 (phase 2)

[pbbhatt]

Hi...

I have install mantis on "forteqa.com" and when i will submit my bugs , so sometimes its given me " Internal server error". When i have seen in apache error_logs its show me following error.

[Tue Jan 13 01:50:06 2009] [error] [client 59.95.248.76] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\(.*from)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "forteqa.com"] [uri "/bugs/bug_report.php"] [unique_id "oGfxpkg0y68AAH-29wwAAAAX"]

Kindly give me solution.....

Regards,
Pinakin

email Id: pbbhatt@gmail.com

[James Blond]

You should enable a mod_sec log to see which rule blocks your mantis. And than modify or remove that rule.

[glsmith]

The rule is in that message

file: usr/local/apache/conf/modsec2.user.conf"] [line "355"]


I've never found an out to the SQL attack rules. I set them off every time I post to a forum and the forum is flat file not SQL.

I commented out the rule.