Horde errors with asl testing mod_security new rules - a fix
If you start seeing Horde issues with webmail when you send a message, it's easily fixed.
Create a .htaccess file of the following:
<IfModule mod_security.c>
<Files swx.php>
SecFilterInheritance Off
</Files>
</IfModule>
in /usr/share/psa-horde/imp
Then your problems are fixed
Last edited by aus-city on Mon Dec 03, 2007 5:13 pm, edited 1 time in total.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Another thing to keep track of: PHP 5.2.5 and Horde aren't completely compatible. You've got to modify the include path:
http://www.atomicorp.com/wiki/index.php/PHP
Scott,
Yes, very true, I had that problem first!
Perhaps you might want to put the info about getting around the mod_security issue with Horde either in the PHP info or maybe in another wiki.
Perhaps that is something to be aware of, as certainly the latest mod_security well and truly breaks Horde, and when you try to send an email mod_security gives you a 403 error page.
I installed ASL for the first time on my server yesterday.
I have the Horde problem.
The fix is not working for me. I've put a .htaccess file in:
/usr/share/psa-horde/imp
with:
<IfModule mod_security.c>
<Files swx.php>
SecFilterInheritance Off
</Files>
</IfModule>
<IfModule mod_security2.c>
<Files swx.php>
SecFilterInheritance Off
</Files>
</IfModule>
But my problem is not fixed: every time a user tries to log in to Horde, ASL blocks him, and a warning with a prohibit sign (not firewall) appears on the ASL dashboard with the following text:
85.xx.xx.xx - - [05/Dec/2007:10:29:30 +0100] "GET /index.php?url=http%3A%2F%2Fwebma 31106 12
Please help me. I need to disable 31106? How do I do that? It's my first day with ASL; I need a quick fix for this.
Thanks in advance
- Atomicorp Staff - Site Admin
Sure, contact support@atomicorp.com. What you want to do is send the log file with the full alert so we can replay it here.
benji,
I actually dropped the .htaccess altogether and am running all the rules in the rules.conf as in the package, and I have not had any more issues.
It may have been something else causing the issue, as I also had problems yesterday, but today is fine.
Any blockages I now see are indeed all genuine; I have looked them up in the audit logs.
Thx aus-city,
But what have you changed to solve it? I mean, it's just that now it is working well and before not... and you didn't change anything?
I tried myself to enter a webmail (Horde) with Internet Explorer, and it blocked my IP with rule 31106.
And it is strange, 'cause it depends on which webmail I try to enter (same server): if I enter my webmail, no problem; if I log in on another domain's webmail, 31106 blocks it...
And I don't know how to get more info on it, 'cause I don't know where the ASL logs are...?
Yep, that's true, the users getting blocked when accessing webmail are listed on Spamhaus.
But the problem is that most of my clients access the internet using a dynamic IP (it's normal in my country), so they are not aware that their IP is listed, and this leads to random problems for them.
Is there any way to disable this SPAMHAUS DB check? Does that mean that any user accessing with a listed IP won't be able to access webmail, as well as contact forms in any web site hosted on my server?
Edit: I've checked my DSL router IP (dynamic) and it is also listed, so I guess all the IPs of my provider are listed, but for some reason I don't get blocked.
Edit2: Having disabled signatures 31106, 3400031 and 3400026, it still blocks webmail for ".cat" domains; for any other domain TLD, with those signatures disabled, it gives no problems at all. That was what was confusing me!! Sometimes blocking and sometimes not!?!? Now I found it: it's only the .cat domains' webmail!!
- Atomicorp Staff - Site Admin
You should see the RBL setting in /etc/asl/config, just set that to "off" and run "asl -s -f".
That's pretty wild with the .cat extension; I didn't even know about that TLD. I can think of why it's happening: since "cat" is a command, it's probably interpreting it as an argument to PHP.
We just finished a major rewrite of the whole modsecurity part of ASL, which is in the -bleeding channel right now. I'll probably push that down to the stable channel later today.