How can I disable mod_security for phpMyAdmin?

pasamsin

Apache and Nginx are running as a reverse proxy. I modified the webapps.conf and webapps.ssl.conf files on the phpMyAdmin side as shown below, but it didn't help. Customers are getting a 406 error due to mod_security rules.

Rich (BB code):
        location ^~ /phpMyAdmin {
                modsecurity off;
                root /var/www/html/;
                index index.php index.html index.htm;
                location ~ ^/phpMyAdmin/ {
                        access_log off;
                        set $my_server_addr $server_addr;
                        if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
                        proxy_pass http://$my_server_addr:8080;
                        proxy_set_header X-Client-IP      $remote_addr;
                        proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
                        proxy_set_header Host        $host;
                        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                        proxy_hide_header Upgrade;
                }
                location ~ ^/phpMyAdmin/nginx_static_files/ {
                        access_log  /var/log/nginx/access_log_proxy;
                        alias       /var/www/html/;
                        internal;
                }
        }
 
Option 1 ... htaccess - I do not recommend that.

Option 2 - Customers are getting 406 for 1 or 2 rules - disable the rules in the admin panel under mod security (admin view). You can see the rules in the logs (in the admin view) and click to skip.
 
Previously, we disabled mod_security specific to the domain on Nginx to allow access to phpMyAdmin with SSO on the customer's domain. With the latest update, we now only allow access through the server hostname. The only solution is to disable the triggered rules from the panel. You cannot do anything with .htaccess as mod_security is on Nginx.
 
If you know where to put the rules, just put this somewhere related to the modsecurity conf:
Code:
SecRule REQUEST_URI "@beginsWith /phpMyAdmin/" "id:1,ctl:ruleEngine=Off"

Ensure the rules will work correctly:
Code:
nginx -t

### If the above command returns a correct config, just restart the webserver
service nginx restart
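
The replies above suggest either skipping only the rules that fire or turning the engine off for the whole `/phpMyAdmin/` path. The script below is an added example, not code from any poster in this thread: it reads ModSecurity denial lines, keeps those whose URI starts with `/phpMyAdmin/`, and prints one path-scoped `ctl:ruleRemoveById` exclusion per triggered rule. The log line layout (ModSecurity v3 nginx error-log style), the sample lines, the rule IDs, the function names and the local id base 10000 are all assumptions.

```shell
#!/bin/sh
# Added example: derive path-scoped rule exclusions from ModSecurity denial lines.

# Constructed sample lines (not real logs; rule IDs are made up).
sample_log() {
cat <<'EOF'
2024/01/01 10:00:00 [error] 100#0: *1 [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). [id "1234501"] [msg "constructed"] [uri "/phpMyAdmin/index.php"]
2024/01/01 10:00:05 [error] 100#0: *2 [client 192.0.2.11] ModSecurity: Access denied with code 406 (phase 2). [id "1234502"] [msg "constructed"] [uri "/phpMyAdmin/import.php"]
2024/01/01 10:00:09 [error] 100#0: *3 [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). [id "1234501"] [msg "constructed"] [uri "/phpMyAdmin/sql.php"]
2024/01/01 10:00:12 [error] 100#0: *4 [client 192.0.2.12] ModSecurity: Access denied with code 406 (phase 2). [id "1234501"] [msg "constructed"] [uri "/wp-login.php"]
EOF
}

# Read log lines on stdin; print "<rule id> <hit count>" for denials whose
# URI starts with the given prefix (default /phpMyAdmin/).
triggered_ids() {
    prefix=${1:-/phpMyAdmin/}
    grep 'ModSecurity:' \
        | grep -F "[uri \"$prefix" \
        | sed -n 's/.*\[id "\([0-9][0-9]*\)"\].*/\1/p' \
        | sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Print one exclusion per triggered rule. phase:1 makes the ctl action run
# before the removed rule would be evaluated; "pass,nolog" keeps the exclusion
# itself from blocking or logging. base is an assumed unused local id range.
exclusions() {
    prefix=${1:-/phpMyAdmin/}
    base=${2:-10000}
    triggered_ids "$prefix" | awk -v p="$prefix" -v b="$base" '{
        printf "SecRule REQUEST_URI \"@beginsWith %s\" ", p
        printf "\"id:%d,phase:1,pass,nolog,ctl:ruleRemoveById=%s\"\n", b + NR - 1, $1
    }'
}

# Stand-alone run on the constructed sample; pipe a real log in instead.
sample_log | exclusions
```

Review the hit counts from `triggered_ids` before adopting any generated line, and run `nginx -t` after adding them, as in the post above.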
 