mod_security + phpMyAdmin

A few days ago I had a terrible problem with ModSecurity and phpMyAdmin installed. In general, the problem was that, the security module perceived phpMyadmin requests as sql injection attacks. The solution is again trivial, just for the phpmyadmin files I turn off rule checking. I wrote the rules in modsecurity.d / modsecurity_localrules.conf which is located in the folder of your apache server. Here are the rules themselves.

<LocationMatch “/phpmyadmin/tbl_change.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/sql.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/managecontent.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/import.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/tbl_select.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/tbl_replace.php”>
SecRuleEngine Off
</LocationMatch>

Leave a Reply

Your email address will not be published. Required fields are marked *

Anti SPAM *