  #1  
20th May 2009, 00:44
manarak (Senior Member)
Ajax requests failed in Server Config

whenever I click on "web" or "Jailkit" in server config, I get the error message "ajax request failed".

why is that?
  #2  
20th May 2009, 09:59
till (Super Moderator)

I am not able to reproduce that on my systems. Take a look in the apache logfile if there are any errors.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
20th May 2009, 10:30
manarak (Senior Member)

you were right to point me in that direction - it appears mod_security is blocking the requests.
  #4  
20th May 2009, 10:39
manarak (Senior Member)

mod_security says "remote file access attempt", severity "critical", tag "web attack/file injection", data "/etc/"

now that's scary enough and I am happy that mod_security blocks that type of request. or should it?
what is the proper way?
- ISPC3 code to be modified not to trigger any modsecurity alerts (currently I do not know if the ajax functions in ISPC are a potential vulnerability?)
or
- modify mod_security rules to allow these requests from ISPC panel.
  #5  
20th May 2009, 10:43
till (Super Moderator)

Quote:
now that's scary enough and I am happy that mod_security blocks that type of request. or should it?
No, it should not as it is not an injection attack.

That's a false positive in mod security rules. A control panel must be able to send a post request that contains the name of a system path like /etc/, otherwise you would not be able to administer the server. And this has nothing to do with the ajax functions in ispconfig.
  #6  
20th May 2009, 11:05
manarak (Senior Member)

the false positive is caused by rule file crs_40 line 114, id 950005

Is someone knowledgeable enough in mod_security rules to tell the forum how to authorize ISPConfig and only ISPConfig to perform such requests on the server?

Thanks!
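
One way to do what post #6 asks, as an added example that is not part of the original thread and not ISPConfig's own configuration: remove rule 950005 only inside the control panel's Apache vhost instead of for the whole server. The port 8080 vhost and the ModSecurity 2.x module name are assumptions about the setup.

```apache
# Added example (constructed). Assumptions: the ISPConfig 3 panel is served
# from its own Apache vhost on port 8080, and ModSecurity 2.x loads the
# Core Rule Set (including rule id 950005) in the main server config.

# Too broad: in the main server config this line would switch the rule off
# for every site on the server, customer websites included.
#   SecRuleRemoveById 950005

# Scoped: the rule is removed only for requests handled by the panel vhost.
# Add the IfModule block to the existing panel vhost; do not define a
# second vhost for the same port.
<VirtualHost _default_:8080>
    # ... existing ISPConfig vhost directives stay unchanged ...

    <IfModule mod_security2.c>
        # Must be read after the rule set has been loaded, which is the
        # case when the rules are included from the main server config.
        SecRuleRemoveById 950005
    </IfModule>
</VirtualHost>
```

All other Core Rule Set rules remain active for the panel, and rule 950005 remains active for every other vhost. Run `apachectl configtest` before reloading Apache.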