[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I allow https through modsecurity?

Posted on 2014-08-14
2
Medium Priority
?
775 Views
Last Modified: 2014-08-17
Hi all,

I installed ISPConfig 3 and then got a StartSSL free certificate for it.
It works fine on port 8080 in https mode and the SSL certificate is recognized.
I access it using: https://www.mydomain.com:8080

Before I installed the SSL certificate I had a self-signed certificate which allowed ISP Config to work as above (there used to be a red line diagonally across the word "https" before because the certificate was not related to that domain) but also my domain to load as: http://www.mydomain.com

But since I installed the StartSSL certificate, I can only access the ISPConfig but not my normal site anymore.
I believe that sine the self-signed certificate was made out to my FQDN it did not cause any conflicts but now that the new Startssl certificate is made out to www.mydomain.com it is causing all this.
Now when I access my domain I get this error: Forbidden. You don't have permission to access / on this server.

The culprit behind it all is modsecurity which has the SecRuleEngine On. If I turn that Off everything works fine, but with it on I don't really know how to make the right modifications in the apache.conf, my virtualhost's conf file or any other file that I do not know about.

What should I do? I need the two things to work, with mod-security turned on, as before:
https://www.mydomain.com:8080 -> ISPConfig (working, the https does not have any red line striking through anymore)
http://www.mydomain.com -> my website (at present not working)

I temporarily tried turning the SecRuleEngine to Off and everything started working again, but that was a scenario which I would not like to keep. I need mod_security to be on and the sites to work at the same time.

thanks in advance
0
Comment
Question by:badwolfff
2 Comments
 
LVL 11

Accepted Solution

by:
Chris Gralike earned 2000 total points
ID: 40265411
Hi badwolff,

Could you please post the Apache error and access logs. Do this by:
0. Stop httpd.
1. moving the old logs,
2. configure the logging at INFO level,
3. start httpd,
4. make a request on the erroneous URL.
5. Post the logging results contained in the access and errorlog here.

rgrds, Chris
0
 

Author Comment

by:badwolfff
ID: 40266014
Thanks Chris, all sorted. All it needed was a reboot of the system for the new rules I had written to activate. Sorry for the trouble. If I get stuck again I will write back.

And since you are the only one who took the trouble to reply, the points are yours.

Thankd
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question