<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1543" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2>
<DIV>
<P><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hello,</SPAN></P>
<P><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I am a newbie with
mod_security and have the following problem. I have installed a CentOS 4.3 box
with Mod Security version 1.9.4 and all rules from Gotroot.com. When I log in to
the Joomla admin, click on Global Configuration and save all changes, the
following error occurs: Forbidden - You do not have permission to access
this document. When I look in the audit.log file, the following entry is
shown.<SPAN class=937452712-12072006> </SPAN></SPAN></P>
<P><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have changed the domain and
IP in the following entry<SPAN class=937452712-12072006>.</SPAN></SPAN></P>
<P><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">==b46a2106==============================<BR>Request:
www.domain.com 80.30.172.10 -
- [12/Jul/2006:14:19:48 +0200] "POST /administrator/index2.php HTTP/1.1" 403 962
"https://www.domain.com/administrator/index2.php?option=com_config&hidemainmenu=1"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508
Firefox/1.5.0.4" - "-"<BR>----------------------------------------<BR>POST
/administrator/index2.php HTTP/1.1<BR>Host: www.domain.com<BR>User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508
Firefox/1.5.0.4<BR>Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5<BR>Accept-Language:
de-de,de;q=0.8,en-us;q=0.5,en;q=0.3<BR>Accept-Encoding:
gzip,deflate<BR>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<BR>Keep-Alive:
300<BR>Connection: keep-alive<BR>Referer: https://www.domain.com/administrator/index2.php?option=com_config&hidemainmenu=1<BR>Cookie:
0bf476054166d391db703895d14a54fd=28a7189c5b880b4ca60093d4405d953f;
virtuemart=cc0f88d9888d0caed5969b8c9b2d767b;
__utma=213567489.108317749.1152681911.1152681911.1152681911.1; __utmc=213567489;
__utmz=213567489.1152681911.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
dced49c144572773182058bbee80370c=f0e383bbea97449d128adf8237d345fc;
PHPSESSID=b2c1200b3e049f8f86454841ffd94794; locale=de-DE;
psaContext=server<BR>Authorization: Basic aGR3b2w6QmxhU2Noa2U=<BR>Content-Type:
application/x-www-form-urlencoded<BR>Content-Length:
2718<BR>mod_security-action: 403<BR>mod_security-message: Access denied with
code 403. Pattern match
"((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)"
at POST_PAYLOAD [id "300015"] [rev "1"] [msg "Generic SQL injection protection"]
[severity "CRITICAL"]</SPAN></P>
<P><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">2718<BR>config_offline=0&config_offline_message=Diese+Seite+ist+wegen+eines+Updates+kurzzeitig+nicht+erreichbar.%3Cbr+%2F%3E+Bitte+probieren+sie+in+k%FCrze+noch+einmal.+&config_error_message=This+site+is+temporarily+unavailable.%3Cbr+%2F%3E+Please+notify+the+System+Administrator+admin%40domain.com&config_sitename=Domains+und+Webspace+um+nur+3%2C99+Euro%2FMonat%2C+Webhosting%2C+Webspace%2C+Domains%2C+Domainregistrierungen%2C+Speicherplatz%2C+Gratis+Gaestebuch&config_shownoauth=0&config_allowUserRegistration=1&config_useractivation=0&config_uniquemail=1&config_frontend_login=1&config_frontend_userparams=1&config_debug=0&config_editor=htmlarea3_xtd-c&config_list_limit=10&config_favicon=&config_lang=germani&config_offset_user=1&config_locale=germani&config_link_titles=0&config_readmore=0&config_vote=0&config_hideAuthor=1&config_hideCreateDate=1&config_hideModifyDate=1&config_hits=1&config_hidePdf=1&config_hidePrint=1&config_hideEmail=1&config_icons=1&config_multipage_toc=1&config_back_button=0&config_item_navigation=1&config_ml_support=0&config_host=localhost&config_user=domain&config_db=domain&config_dbprefix=mos_&config_gzip=0&config_lifetime=900&config_session_life_admin=1800&config_admin_expired=1&config_session_type=0&config_error_reporting=-1&config_helpurl=&filePermsMode=1&config_fileperms=0644&filePermsUserRead=1&filePermsUserWrite=1&filePermsGroupRead=1&filePermsWorldRead=1&dirPermsMode=1&config_dirperms=0755&dirPermsUserRead=1&dirPermsUserWrite=1&dirPermsUserSearch=1&dirPermsGroupRead=1&dirPermsGroupSearch=1&dirPermsWorldRead=1&dirPermsWorldSearch=1&config_MetaDesc=Domains+und+Webspace+um+nur+3%2C99+Euro%2FMonat%2C+Domain%2C+Domains%2C+Domainregistrierung%2C+Webhosting%2C+Domainregistrierungen%2C+Webspace%2C+Speicherplatz%2C+Provider%2C+Domainpaket%2C+Gratis+Counter%2C+Gratis+Gaestebuch&config_MetaKeys=domains%2C+domain%2C+domainregistrierung%2C+webhosting%2C+domainregistrierungen%2C+speicherplatz%2C+webspace%2C+webh
osting%2C+provider%2C+domainpaket%2C+webseiten%2C+programmierung%2C+design%2C+webdesign&config_MetaTitle=1&config_MetaAuthor=1&config_mailer=mail&config_mailfrom=office%40domain.com&config_fromname=Domain&config_sendmail=%2Fusr%2Fsbin%2Fsendmail&config_smtpauth=0&config_smtpuser=&config_smtppass=&config_smtphost=localhost&config_caching=0&config_cachepath=%2Fvar%2Fwww%2Fvhosts%2Fdomain.com%2Fhttpdocs%2Fcache&config_cachetime=900&config_enable_stats=0&config_enable_log_items=0&config_enable_log_searches=0&config_sef=1&config_pagetitles=1&option=com_config&config_absolute_path=%2Fvar%2Fwww%2Fvhosts%2Fdomain.com%2Fhttpdocs&config_live_site=http%3A%2F%2Fwww.domain.com&config_secret=TYteIbPtQ78ejtYX&task=apply</SPAN><o:p></o:p></P>
<P><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">HTTP/1.1 403
Forbidden<BR>Last-Modified: Mon, 20 Mar 2006 20:21:14 GMT<BR>ETag:
"44d041-3c2-e675a280"<BR>Accept-Ranges: bytes<BR>Content-Length:
962<BR>Connection: close<BR>Content-Type:
text/html<BR>--b46a2106--</SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face=Arial><FONT
size=2><SPAN class=937452712-12072006>Best Regards</SPAN></FONT></FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face=Arial><FONT
size=2><SPAN
class=937452712-12072006>Blackstorm</SPAN></FONT></FONT></P></DIV></FONT></DIV></BODY></HTML>
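<P>Added example (not part of the original message and not mod_security code): a Python check of which parts of the logged POST body satisfy the pattern of rule 300015. It assumes mod_security 1.x matches case-insensitively against the URL-decoded body as one string; BODY is a shortened excerpt of the logged POST data, and the function names are illustrative.</P>

```python
import re
from urllib.parse import unquote_plus

# Pattern from the mod_security-message line of the audit entry. [[:space:]] is
# written as \s for Python, and .+ is made lazy (.+?) only so that the shortest
# matching span is reported; whether the rule matches is unchanged.
# Assumption: mod_security 1.x matches case-insensitively on the decoded body.
RULE_300015 = re.compile(
    r"((alter|create|drop)\s+(column|database|procedure|table)"
    r"|delete\s+from|update.+?set.+?=)",
    re.IGNORECASE,
)

# Shortened excerpt of the POST body in the log (fields copied, others omitted).
BODY = (
    "config_offline=0"
    "&config_offline_message=Diese+Seite+ist+wegen+eines+Updates"
    "+kurzzeitig+nicht+erreichbar."
    "&config_list_limit=10"
    "&config_offset_user=1"
    "&config_locale=germani"
    "&task=apply"
)

def decode_payload(body):
    """URL-decode each name=value pair; return decoded text and per-parameter spans."""
    text, spans = "", []
    for pair in body.split("&"):
        name = unquote_plus(pair.split("=", 1)[0])
        decoded = unquote_plus(pair)
        spans.append((name, len(text), len(text) + len(decoded)))
        text += decoded + "&"
    return text[:-1], spans  # drop the trailing separator

def explain_match(body):
    """Return (matched text, parameters the match touches), or None if no match."""
    text, spans = decode_payload(body)
    m = RULE_300015.search(text)
    if m is None:
        return None
    # A parameter is "touched" when its span overlaps the matched span.
    touched = [name for name, start, end in spans
               if start < m.end() and end > m.start()]
    return m.group(0), touched

if __name__ == "__main__":
    print(explain_match(BODY))
```

<P>Because POST_PAYLOAD is matched as a single string, the "update", "set" and "=" tokens do not have to sit in the same form field for the pattern to match.</P>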