Now I feel silly: because this only addresses part of the problem. The application I am running under apache ALSO has phpmyadmin embedded in it. I need to also modify the CRS to allow direct phpmyadmin access via the standard use of a web browser (not port forwarding)
So to clarify, it looks like I need two answers: 1) how to enable/disable some or all of CRS based on the incoming interface, or ip address and 2) how to enable/disable some or all of CRS based on the request url, or the request path. I have only searched the archives for #1. I will be searching for #2. If there is already an answer to #2, I apologize in advance. --jason On Oct 30, 2010, at 8:34 AM, Jason Brooks wrote: > Hello, > > I need to solve this problem, but don't quite grok the mod_security > rules yet. I am running CRS 2.0.5. > > I have enabled phpmyadmin only via the localhost interface 127.0.0.1. > That way the tool may only be used after port-forwarding through ssh. > My trouble is that I get the messsge "You don't have permission to > access /ppc/openemr/phpmyadmin/tbl_change.php on this server.". > > I am fairly certain this message is correct: the selection I make in > phpmyadmin is indeed embedding sql into the request. However, the > solutions I find through google pretty much entirely disable sql > injection checking. I don't want this. > > I would like to simply disable sql injection checking for web server > access via the localhost port. Can anyone point me in the correct > direction? > > I really appreciate your help in advance. > > --jason > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
