enfix
Reputation: 6960
ModSecurity 403 access denied
I have this error in log when I try to access to a subdirectory:
ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"]
The request has .profile word in URI, but I use it in Google login scope.
Is it possibile, with .htaccess disable it ? I already tried use it:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
but it doesn't work.
I tried to put it on root .htaccess file and in subdirecory .htaccess file.
UPDATE:
The error in browser is:
Forbidden
You don't have permission to access /SUBDIR/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Upvotes: 2
Views: 4717
Answers (1)
Barry Pollard
Reputation: 45885
Try this:
<IfModule mod_security2.c>
SecRuleUpdateTargetById 210580 !ARGS:'scope'
</IfModule>
Upvotes: 3
Related Questions
- ModSecurity: Access denied with code 403
- HTTP Error 403.0 - ModSecurity Action
- "Not Acceptable" error was generated by Mod_Security
- Extra sensitive Mod Security rules giving 403 forbidden error
- "ModSecurity Access Denied" in logs. I don't understand what its telling me.. Should I be concerned?
- ModSecurity: Access denied with code 403 & SQL injection Detected
- ModSecurity: Access denied with code 406 in apache
- mod_security 960015 blocks Google and other good bots
- mod_security - IP access Issue
- apache mod_security says - Access Denied error