Results 1 to 13 of 13
  1. #1
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843

    mod security issue

    I am having a issue with mod security blocking a download via http.

    Mod security return this 406 error.

    Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"]

    The program used to access is actualy a game. Call of Duty.

    A mod is hosted on the website and when a player logs into the game server it redirects his game and downloads the mod files from the webserver, then reconnects him to the game. This is done to increase DL speeds of mods and maps which can be in the 10-30 MB range.

    Apparently is does not like the way the game is calling the file. I can host this file on another webserver no issues at all.

    Is there a way to allow this to pass through without disabling the entire rule set?
    My IP >> 127.0.0.1 Hack Away!!

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Have you tried commenting the said line and restarting apache?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843
    Well commenting the line would also allow other tihngs through that use that protocol correct?


    I would think writing a specific rule to allow this App through would be better then turning the entire rule off.

    So I guess my answer would be no I didn't try that and am still hoping to find a workaround for this. Thank youfor the suggestion though.
    My IP >> 127.0.0.1 Hack Away!!

  4. #4
    Join Date
    Apr 2006
    Posts
    492
    I also tried using mod security on one of my servers and it screwed up a lot of my scripts so I had to remove it.

  5. #5
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Quote Originally Posted by marisc View Post
    I also tried using mod security on one of my servers and it screwed up a lot of my scripts so I had to remove it.
    You need to understand the ruleset for the program. It's unfortunate a lot of people remove it because of this. With a good ruleset that is tuned, the program kicks azz.

    With a bad ruleset the program can wreck havoc.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  6. #6
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843
    I have not had any isues with it except for this one. I'm still reading up on how to let it pass through.
    My IP >> 127.0.0.1 Hack Away!!

  7. #7
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Quote Originally Posted by Patrick67 View Post
    I have not had any isues with it except for this one. I'm still reading up on how to let it pass through.
    You will need to modify the particular rule, so that it allows your application to run the script.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  8. #8
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843
    Quote Originally Posted by david510 View Post
    You will need to modify the particular rule, so that it allows your application to run the script.
    It's not a script, it is just a redirection http download. I don't think it likes the agent the game is using to call the download .
    My IP >> 127.0.0.1 Hack Away!!

  9. #9
    Join Date
    Nov 2005
    Location
    /etc/fstab
    Posts
    1,274
    SecFilterEngine Off
    SecFilterScanPOST Off

    Put those codes on your .htaccess file, this should bypass you from mod_security

    Regards
    Mellowhost - Providing High Quality Web Hosting Services since 2007
    SSD Cpanel Shared, SSD OpenVZ & KVM VPS Hosting
    A Hosting Provider with Complete SSD VPS & Shared Hosting.

  10. #10
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843
    Quote Originally Posted by hadrick View Post
    SecFilterEngine Off
    SecFilterScanPOST Off

    Put those codes on your .htaccess file, this should bypass you from mod_security

    Regards

    That would disable Mod security for the entire site if I understand it correctly. I do not wish to disable it, just allow a specific application through .
    My IP >> 127.0.0.1 Hack Away!!

  11. #11
    Join Date
    Aug 2005
    Location
    Egypt
    Posts
    110
    we need to find good rules
    GNU/Linux system Engineer
    Contact Me: 00201003338749

  12. #12
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    Can you not just remove the rule for the one directory?
    Code:
    <Directory /home/user/public_html/downloads>
      SecRuleRemoveById 990011
    </Directory>
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  13. #13
    Join Date
    Sep 2004
    Location
    Chicago
    Posts
    843
    Quote Originally Posted by foobic View Post
    Can you not just remove the rule for the one directory?
    Code:
    <Directory /home/user/public_html/downloads>
      SecRuleRemoveById 990011
    </Directory>

    I'll try that. Just what I was looking for. Thanks.
    My IP >> 127.0.0.1 Hack Away!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •