Error 403 Forbidden when configuring plugins

When I hit the "Save" button after configuring izap_video or tidypics settings, I always get an 403 Forbidden error.

Apache error.log says:

[Wed Jun 30 19:58:15 2010] [warn] [client 129.217.129.134] mod_fcgid: stderr: WARNING: 2010-06-30 19:58:15 (CEST): "in_array(): Wrong datatype for second argument" in file /var/www/web192/html/h3ndrik/elgg/mod/izap_videos/lib/izapLib.php (line 106), referer: http://h3ndrik.de/pg/admin/statistics/
[Wed Jun 30 19:58:18 2010] [error] [client 129.217.129.134] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\\/|\\\\)+inetpub|localstart\\.asp|boot\\.ini)" at ARGS:izap[izapPhpInterpreter]. [file "/etc/apache2/modsec2/10_asl_rules.conf"] [line "215"] [id "340009"] [rev "26"] [msg "Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS"] [data ""] [severity "CRITICAL"] [hostname "h3ndrik.de"] [uri "/action/izapAdminSettings"] [unique_id "TCuFuk6KWZYAAG5rcykAAABH"]

 

Can anybody help me? I don't see, what modsec2 matches in the url... Or is the error caused by something else?

  • It looks like ModSecurity is hitting a match on save actions for these plugins.  Just a guess, but it could be because these plugins are passing the path of required binaries (eg, /usr/bin/ffmpeg) in POST which is being caught by the ModSecurity rule (scanning for 'bin').

  • Thank you very much. I didn't know that. Just stripped the "/usr/bin/" and now it works. Damn POST ;)