Apologies. Posted about this issue some time ago with specifics, or "sorta" specifics. Basically any attempt to edit an existing setting like queues, notifications, etc. gets a 403 access denied error. Front end appears to work fine. I have disabled mod_security for the OTRS virtual servers for the time being.

OTRS version is 3.0.7

Here's my mod_security recipe

<IfModule mod_security2.c>
    # This is the ModSecurity Core Rules Set.
   
    # Basic configuration goes in here
    Include modsecurity.d/*.conf
    Include modsecurity.d/base_rules/*.conf

    # Additional items taken from new minimal modsecurity conf
    # Basic configuration options
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off
   
    # PCRE Tuning
    SecPcreMatchLimit 1000
    SecPcreMatchLimitRecursion 1000

    # Handling of file uploads
    # TODO Choose a folder private to Apache.
    # SecUploadDir /opt/apache-frontend/tmp/
    SecUploadKeepFiles Off
    SecUploadFileLimit 10

    # Debug log
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0

    # Serial audit log
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Set Data Directory
    SecDataDir /var/log/httpd/

    # Maximum request body size we will
    # accept for buffering
    SecRequestBodyLimit 131072

    # Store up to 128 KB in memory
    SecRequestBodyInMemoryLimit 131072

    # Buffer response bodies of up to
    # 512 KB in length
    SecResponseBodyLimit 524288

    # Verify that we've correctly processed the request body.
    # As a rule of thumb, when failing to process a request body
    # you should reject the request (when deployed in blocking mode)
    # or log a high-severity alert (when deployed in detection-only mode).
    SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
    "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"

    # By default be strict with what we accept in the multipart/form-data
    # request body. If the rule below proves to be too strict for your
    # environment consider changing it to detection-only. You are encouraged
    # _not_ to remove it altogether.
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "phase:2,t:none,log,deny,msg:'Multipart request body \
    failed strict validation: \
    PE %{REQBODY_PROCESSOR_ERROR}, \
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
    DB %{MULTIPART_DATA_BEFORE}, \
    DA %{MULTIPART_DATA_AFTER}, \
    HF %{MULTIPART_HEADER_FOLDING}, \
    LF %{MULTIPART_LF_LINE}, \
    SM %{MULTIPART_SEMICOLON_MISSING}, \
    IQ %{MULTIPART_INVALID_QUOTING}, \
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
   
    # Did we see anything that might be a boundary?
    SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
   
    # Some internal errors will set flags in TX and we will need to look for these.
    # All of these are prefixed with "MSC_".  The following flags currently exist:
    #
    # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
    #
    SecRule TX:/^MSC_/ "!@streq 0" \
            "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

    # Local rules
    Include modsecurity.d/modsecurity_localrules.conf

</IfModule>





From: "Gerald Young" <crythias@gmail.com>
To: "User questions and discussions about OTRS." <otrs@otrs.org>
Sent: Monday, August 29, 2011 10:02:47 AM
Subject: Re: [otrs] mod_security configuration

What is your current mod_security recipe?
http://www.howtoforge.com/apache_mod_security_p2

I don't have mod_security implemented, but if you give us a bit more than "various parts of the admin interface are blocked" someone might be able to assist. It's very possible that certain keywords are blocked. You also haven't told us what version (?) of OTRS you're using. 

On Mon, Aug 29, 2011 at 12:05 PM, Ralf Hildebrandt <Ralf.Hildebrandt@charite.de> wrote:
* Jefferson Davis <jdavis@standard.k12.ca.us>:
> Nothing???? Really???? No one has successfully used mod_security with OTRS?

Well, why not look at the logs to see what is blocked and why?
(no, I'm not running mod_security on my OTRS box)

--
Ralf Hildebrandt
 Geschäftsbereich IT | Abteilung Netzwerk
 Charité - Universitätsmedizin Berlin
 Campus Benjamin Franklin
 Hindenburgdamm 30 | D-12203 Berlin
 Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
 ralf.hildebrandt@charite.de | http://www.charite.de

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
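
Following the suggestion in the thread to look at the logs to see what is blocked and why, this added example (not part of the original messages) parses a Serial-type audit log, as written with `SecAuditLogType Serial` and `SecAuditLogParts ABIFHZ`, and counts which rule id and request variable caused each denied OTRS request. The log entries, OTRS Action names, rule ids 999001/999002, host name and addresses are constructed sample data, and `sample_tx` is a hypothetical helper that builds them.

```python
import re
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")
RULE_ID = re.compile(r'\[id "([^"]+)"\]')
TARGET = re.compile(r" at (\S+)\. \[")                # variable the rule matched on
ACTION = re.compile(r"(?:^|[?&\s])Action=([^&\s]+)")  # OTRS Action parameter

def parse_audit_log(text):
    """Split a Serial audit log into transactions of {part letter: [lines]}."""
    txs, current, buf = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":
            current = {}                  # part A opens a new transaction
        if current is None:
            continue                      # log starts mid-entry: wait for next A
        if not m:
            buf.append(line)
        elif m.group(2) == "Z":           # part Z closes the transaction
            txs.append(current)
            current = None
        else:
            buf = current.setdefault(m.group(2), [])
    return txs

def blocked_requests(text):
    """Count (OTRS Action, rule id, matched variable) per intercepted request."""
    hits = Counter()
    for tx in parse_audit_log(text):
        action = ACTION.search(" ".join(tx.get("B", [])[:1] + tx.get("I", [])))
        for line in tx.get("H", []):
            if line.startswith("Message: Access denied"):   # skip plain warnings
                ms = [action, RULE_ID.search(line), TARGET.search(line)]
                hits[tuple(m.group(1) if m else "?" for m in ms)] += 1
    return hits

def sample_tx(tag, action, var, rid):     # one constructed entry, not a real capture
    return (f"--{tag}-A--\n[29/Aug/2011:09:00:00 +0000] CONSTRUCTED 192.0.2.10 4242 192.0.2.20 80\n"
            f"--{tag}-B--\nPOST /otrs/index.pl HTTP/1.1\nHost: otrs.example.org\n\n"
            f"--{tag}-I--\nAction={action}&Subaction=Change&{var}=x\n\n"
            f"--{tag}-F--\nHTTP/1.1 403 Forbidden\n\n--{tag}-H--\n"
            f'Message: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:{var}. '
            f'[id "{rid}"] [msg "constructed"]\n\n--{tag}-Z--\n')

SAMPLE = (sample_tx("aaaa0001", "AdminQueue", "Comment", "999001")
          + sample_tx("aaaa0002", "AdminQueue", "Comment", "999001")
          + sample_tx("aaaa0003", "AdminNotification", "Body", "999002"))

if __name__ == "__main__":
    print(*blocked_requests(SAMPLE).most_common(), sep="\n")
```

Pointing `blocked_requests` at the contents of the file named by `SecAuditLog` gives the short list of rule ids and parameters to review, so exceptions can be scoped to those rules instead of disabling the module for the whole virtual host.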

