apache mod_security detects sql injection attack #1927
After new installation on a shared hosting, I get a mod_security error which then auto blocks my ip. It is falsely detecting a sql injection attack because within the pyrocms code is "user_password" which is pattern matched by ModSecurity.
This might be what happened with this issue: #630
[Thu Oct 04 19:23:57 2012] [error] [client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object(?:(?:nam|typ)e|id) ..." at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "88"] [id "959904"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "dev.xxxxxxx.org"] [uri "/system/cms/themes/default/img/favicon.ico"] [unique_id "UG4ona3sHXIABwPFvyEAAAAa"]
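A defender-side way to handle this kind of false positive without switching off SQL-injection detection, as an added example that is not part of this thread or of the PyroCMS project: it tunes only rule 959904 (the id in the log above) and only for the Cookie header. It assumes ModSecurity 2.7 or later, that the file is loaded after the rule set that defines 959904, and that rule id 1000001 is a free id in the local range (a placeholder to replace).

```apache
# Added example, not from the PyroCMS project or the original issue.
# Assumes ModSecurity 2.x (>= 2.7 for SecRuleUpdateTargetById and
# ctl:ruleRemoveTargetById) and that rule 959904 has already been loaded.
# Use ONE of the two options; do not simply SecRuleRemoveById 959904,
# which would drop the check for every target, not just the cookie.
<IfModule mod_security2.c>
    # Option A: keep rule 959904 active everywhere, but stop it from
    # inspecting the Cookie header. It still runs against ARGS, the
    # request body, and the other targets the rule set lists.
    SecRuleUpdateTargetById 959904 "!REQUEST_HEADERS:Cookie"

    # Option B (tighter): only for requests under the PyroCMS "/system/"
    # path seen in the log, drop the Cookie target for rule 959904.
    # Runs in phase 1 so the exclusion is in place before 959904 fires
    # in phase 2 (the phase named in the log entry).
    # id 1000001 is a constructed placeholder; choose an unused local id.
    SecRule REQUEST_URI "@beginsWith /system/" "phase:1,id:1000001,nolog,pass,ctl:ruleRemoveTargetById=959904;REQUEST_HEADERS:Cookie"
</IfModule>
```

After reloading Apache, the audit log should no longer show id 959904 with data "user_password" at REQUEST_HEADERS:Cookie, while a test request carrying the same string in a query parameter is still blocked.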
I always take feedback on board, but this is a non-mover. So far 3 people have reported a problem with this, out of 60,000+ installations.
So what would you have me do? Some random module is flagging up valid code as an SQL attack for 0.005% of our users so I should recode it?
I left this open for a while and invited conversation, nobody said anything so I closed it. If any of you feel passionate about this then please do feel free to send in a pull request, but I cannot dedicate time to fixing something 0.005% of users have requested when I have functionality to build that affects 100% of the community.
Sorry if that's not the sort of attitude you'd like, but it's a realistic one.
I can understand that reasoning...totally. I think you could have rephrased your earlier answer better.." it's not our fault mod_security is complaining about a very commonly used term" ...
...to something softer... "since this is a problem only affecting XX% users...
..anyway thanks for responding.... I really do hope to try out your product.