BUMP!!!! ----- Original Message ----- From: "Jefferson Davis" To: "User questions and discussions about OTRS." Sent: Thursday, August 25, 2011 1:38:16 PM Subject: Re: [otrs] mod_security configuration I should clarify that mod_security was the source of MY index.pl 403 errors. Does anyone have a working mod_security config for OTRS they'd be willing to share? ----- Original Message ----- From: "Jefferson Davis" To: "User questions and discussions about OTRS.org" Sent: Thursday, August 25, 2011 12:46:55 PM Subject: [otrs] mod_security configuration Can anyone provide some insight as to how I can prevent mod_security from interfering with OTRS? When it's default config is enabled various parts of the admin interface are blocked. I do not want to run apache without it but it makes OTRS act screwy. BTW this was the source of the otrs/index.pl 403 access denied errors. -- Jefferson K Davis Technology and Information Systems Manager Standard School District 1200 North Chester Ave Bakersfield, CA 93308 661.392.2110 ext 120 (office) 661.392.0681 (fax) http://district.standard.k12.ca.us --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

* Jefferson Davis :

Nothing???? Really???? No one has successfully used mod_securty with OTRS?

Well, why not look at the logs to see what is blocked and why? (no, Im'm not running mod_security on my OTRS box) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de

Apologies. Posted about this issue some time ago with specifics, or "sorta" specifics. Basically any attempt to edit an existing setting like queues, notifications, etc gets a 403 access denied error. Front end appears to work fine. I have disabled mod_security for the OTRS virtual servers for the time being. OTRS version is 3.0.7 Here's my mod_security recipe <IfModule mod_security2.c> # This is the ModSecurity Core Rules Set. # Basic configuration goes in here Include modsecurity.d/*.conf Include modsecurity.d/base_rules/*.conf # Additional items taken from new minimal modsecurity conf # Basic configuration options SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess Off # PCRE Tuning SecPcreMatchLimit 1000 SecPcreMatchLimitRecursion 1000 # Handling of file uploads # TODO Choose a folder private to Apache. # SecUploadDir /opt/apache-frontend/tmp/ SecUploadKeepFiles Off SecUploadFileLimit 10 # Debug log SecDebugLog /var/log/httpd/modsec_debug.log SecDebugLogLevel 0 # Serial audit log SecAuditEngine RelevantOnly SecAuditLogRelevantStatus ^5 SecAuditLogParts ABIFHZ SecAuditLogType Serial SecAuditLog /var/log/httpd/modsec_audit.log # Set Data Directory SecDataDir /var/log/httpd/ # Maximum request body size we will # accept for buffering SecRequestBodyLimit 131072 # Store up to 128 KB in memory SecRequestBodyInMemoryLimit 131072 # Buffer response bodies of up to # 512 KB in length SecResponseBodyLimit 524288 # Verify that we've correctly processed the request body. # As a rule of thumb, when failing to process a request body # you should reject the request (when deployed in blocking mode) # or log a high-severity alert (when deployed in detection-only mode). SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \ "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2" # By default be strict with what we accept in the multipart/form-data # request body. If the rule below proves to be too strict for your # environment consider changing it to detection-only. You are encouraged # _not_ to remove it altogether. SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ "phase:2,t:none,log,deny,msg:'Multipart request body \ failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ DB %{MULTIPART_DATA_BEFORE}, \ DA %{MULTIPART_DATA_AFTER}, \ HF %{MULTIPART_HEADER_FOLDING}, \ LF %{MULTIPART_LF_LINE}, \ SM %{MULTIPART_SEMICOLON_MISSING}, \ IQ %{MULTIPART_INVALID_QUOTING}, \ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'" # Did we see anything that might be a boundary? SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" # Some internal errors will set flags in TX and we will need to look for these. # All of these are prefixed with "MSC_". The following flags currently exist: # # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. # SecRule TX:/^MSC_/ "!@streq 0" \ "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" # Local rules Include modsecurity.d/modsecurity_localrules.conf </IfModule> ----- Original Message ----- From: "Gerald Young" To: "User questions and discussions about OTRS." Sent: Monday, August 29, 2011 10:02:47 AM Subject: Re: [otrs] mod_security configuration What is your current mod_security recipe? http://www.howtoforge.com/apache_mod_security_p2 I don't have mod_security implemented, but if you give us a bit more than "various parts of the admin interface are blocked" someone might be able to assist. It's very possible that certain keywords are blocked. You also haven't told us what version (?) of OTRS you're using. On Mon, Aug 29, 2011 at 12:05 PM, Ralf Hildebrandt < Ralf.Hildebrandt@charite.de > wrote: * Jefferson Davis < jdavis@standard.k12.ca.us >:

Nothing???? Really???? No one has successfully used mod_securty with OTRS?

Well, why not look at the logs to see what is blocked and why? (no, Im'm not running mod_security on my OTRS box) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs