403 Forbidden Error in PhpMyAdmin

[prasad0889]

Hey Everyone,

I am using DirectAdmin with OpenLiteSpeed,
I have enabled modsecurity rules from Comodo , when I import a sql file via PHPMyAdmin,
PHPMyAdmin gives an error 403, so I want to try to disable modsecurity for PHPMyAdmin.
I don't know which file should I edit so I can disable the modsecurity for PHPMyAdmin.

Any suggestion?

I have tried the following files as of now,

In the file: /usr/local/cwaf/etc/httpd/custom_user.conf
Added the following code, and it didn't work.

<Directory /var/www/html/phpMyAdmin>
SecRuleEngine Off
</Directory>

Tried it here:
/usr/local/lsws/conf/httpd-include.conf

context exp:^/phpMyAdmin {
type static
location /var/www/html/phpMyAdmin/
modsecurity  off
}

Any help would be greatly appreciated.

 

[Cold-Egg]

It might be easier if you check the error log, locate the rule ID, and then whitelist it or comment out the rule.

 

[prasad0889]

Thanks @Cold-Egg, I tried dsiabling the particular rule, but then the server load increases drastically.

 

[Cold-Egg]

That might be a different issue. Please check the log and server load to see which process or service uses the most resources, and if the server is under attack.

 

[prasad0889]

If I disable ModSecurity there are 100's of bots pinging different websites continuously. There are several LSPHP processes that are spawned and that increases the server load.
The server has around 130 accounts with over 550 websites overall.

 

[Cold-Egg]

For OLS, I don't think there's a way to bypass a directory. Have you tried to disable that single rule only and not the whole modsecurity service?

 

[prasad0889]

Yes, I tried disabling the rule from the logs, and it increased the server load like anything. So I had to re-enable the rule again.

 

[prasad0889]

For OLS, I don't think there's a way to bypass a directory. Have you tried to disable that single rule only and not the whole modsecurity service?

If it is not possible to bypass a directory with OLS, is it possible with LS Enterprise?
I can tell the customer to upgrade to LS Enterprise, if it works properly.

 

[Cold-Egg]

Yes, please check https://docs.litespeedtech.com/lsws...can-i-disable-modsecurity-for-a-single-domain for more details.

 

[prasad0889]

Yes, please check https://docs.litespeedtech.com/lsws...can-i-disable-modsecurity-for-a-single-domain for more details.

Thanks @Cold-Egg. I will go ahead and try suggesting the client to upgrade to LiteSpeed Enterprise.
Should a 2 worker license suffice, as currently OpenLiteSpeed is also running on 2 workers, and the loads are pretty decent, sitting in between 2-4, for a 12 thread CPU, with some spikes till around 10.

 

[Cold-Egg]

Yeah, 2-workers sound good. If the traffic is low, you can start with one worker.