Nella speranza sia utile a qualcuno.
SCENARIO: Plesk + Mod Security by Atomicorp, SQL injection rules attivate
PROBLEMA: i salvataggi da Strumenti -> Viste produce un server error 403 (Forbidden)
MOTIVO: nel log di apache si trova la spiegazione …
[client 10.0.0.46] ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:(?:truncate|truncate|rename)[[:space:]]+
[a-z| |0-9|\\\\*|\\\\.|\\\\,|\\\\(|\\\\)|_|\\\\-]+[[:space:]]
+(?:into|from|table|database|index|view)[[:space:]]+[a-z|0-9|\\\\*| |
\\\\{|\\\\.|\\\\,|\\\\(|\\\\)|_|\\\\-]|\\\\bunion\\\\b.{1,256}?
select.{1,256}[a-z0-9\\\\(\\\\)].{1,256}(?:from|#| ..." at ARGS:query[3]. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"]
[line "300"] [id "340016"] [rev "46"] [msg "Atomicorp.com WAF Rules:
Attack Blocked - SQL injection attempt detected"] [data "select ragione_sociale from a"]
[severity "CRITICAL"] [tag "SQLi"] [hostname " … il nome host … "] [uri "/editor.php"] [unique_id "W5bQ5H8AAAEAAFTsGrwAAAAH"], referer:
https:// … il server host … /editor.php?id_module=37&id_record=15
SOLUZIONE: in Plesk, per singolo sito, cliccare su Apache & nginx Settings. Poi in Additional Apache directives, nei textarea appositi (http/https) inserire:
SecRuleEngine Off
...
E' un modo quick & dirty, ma funzia. Info riprese da: https://wiki.atomicorp.com/wiki/index.php/Mod_security
