It appears that because ISPmanager is called via '/manager/ispmgr', the entry for '<LocationMatch /manager/>' in 10_asl_rules.conf is causing some requests to fail, i.e., when trying to edit files in ISPmanager's File Manager, you get "You don't have permission to access /manager/ispmgr on this server.".
So, a) is there a way to preempt that Location entry with one that is specifically for '/manager/ispmgr' that is then ignored/permitted, and b) in this case the report of the problem was with a file editor, so is there another section we should be looking that might be interfering?
Thanks,
roho
mod_security and ISPmanager
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: mod_security and ISPmanager
LocationMatch is used to exclude rules, or to change rules. So it sounds like you may have a false positive. Could you send us the audit payload for that event?
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone