Hi, I get a 403 error box in PHPMYADMIN when I try to use the below ".htaccess firewall" on my Virtualmin PRO server. But I am able to use the .htaccess firewall on my Virtualmin GPL servers with no problems. Can you help? Thx! Jim
.htaccess firewall:
# 6G BLACKLIST/FIREWALL (beta)
# @ http://perishablepress.com/6g-beta/
# 6G:[REQUEST STRINGS]
RedirectMatch 403 ^/wp-admin/post.php
RedirectMatch 403 /(\$|\*)/?$
RedirectMatch 403 (?i)(<|>|:|;|\'|\s)
RedirectMatch 403 (?i)([a-zA-Z0-9]{18})
RedirectMatch 403 (?i)(https?|ftp|php)\:/
RedirectMatch 403 (?i)(\"|\.|\_|\&|\&)$
RedirectMatch 403 (?i)(\=\\\'|\=\\%27|/\\\'/?)\.
RedirectMatch 403 (?i)/(author\-panel|submit\-articles)/?$
RedirectMatch 403 (?i)/(([0-9]{5})|([0-9]{6}))\-([0-9]{10})\.(gif|jpg|png)
RedirectMatch 403 (?i)(\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 (?i)/uploads/([0-9]+)/([0-9]+)/(cache|cached|wp-opt|wp-supercache)\.php
RedirectMatch 403 (?i)\.(asp|bash|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf|well)
RedirectMatch 403 (?i)/(^$|1|addlink|btn_hover|contact?|dkscsearch|dompdf|easyboard|ezooms|formvars|fotter|fpw|i|imagemanager|index1|install|iprober|legacy\-comments|join|js\-scraper|mapcms|mobiquo|phpinfo|phpspy|pingserver|playing|postgres|product|register|scraper|shell|signup|single\-default|t|sqlpatch|test|textboxes.css|thumb|timthumb|topper|tz|ucp_profile|visit|webring.docs|webshell|wp\-lenks|wp\-links|wp\-plugin|wp\-signup|wpcima|zboard|zzr)\.php
RedirectMatch 403 (?i)/(\=|\$\&|\_mm|administrator|auth|bytest|cachedyou|cgi\-|cvs|config\.|crossdomain\.xml|dbscripts|e107|etc/passwd|function\.array\-rand|function\.parse\-url|livecalendar|localhost|makefile|muieblackcat|release\-notes|rnd|sitecore|tapatalk|wwwroot)
RedirectMatch 403 (?i)(\$\(this\)\.attr|\&pws\=0|\&t\=|\&title\=|\%7BshopURL\%7Dimages|\_vti\_|\(null\)|$itemURL|ask/data/ask|com\_crop|document\)\.ready\(fu|echo.*kae|eval\(|fckeditor\.htm|function.parse|function\(\)|gifamp|hilton.ch|index.php\&\;quot|jfbswww|monstermmorpg|msnbot\.htm|netdefender/hui|proc/self|skin/zero_vote|/spaw2?|text/javascript|this.options)
# 6G:[QUERY STRINGS]
RewriteCond %{REQUEST_URI} !^/$ [NC]
RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR]
RewriteCond %{QUERY_STRING} ([a-zA-Z0-9]{32}) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (\?|\.\./|\.|\*|:|;|<|>|'|"|\)|\[|\]|=\\\'$|%0A|%0D|%22|%27|%3C|%3E|%00|%2e%2e) [NC,OR]
RewriteCond %{QUERY_STRING} (benchmark|boot.ini|cast|declare|drop|echo.*kae|environ|etc/passwd|execute|input_file|insert|md5|mosconfig|scanner|select|set|union|update) [NC]
RewriteRule .* - [F,L]
# 6G:[USER AGENTS]
#SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (<|>|'|<|%0A|%0D|%27|%3C|%3E|%00|href\s) keep_out
SetEnvIfNoCase User-Agent (archiver|binlar|casper|checkprivacy|clshttp|cmsworldmap|comodo|curl|diavol|dotbot|email|extract|feedfinder|flicky|grab|harvest|httrack|ia_archiver|jakarta|kmccrew|libwww|loader|miner|nikto|nutch|planetwork|purebot|pycurl|python|scan|skygrid|sucker|turnit|vikspider|wget|winhttp|youda|zmeu|zune) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out
# 6G:[REFERRERS]
RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} ([a-zA-Z0-9]{32}) [NC]
RewriteRule .* - [F,L]
# 6G:[BAD IPS]
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
Comments
Submitted by andreychek on Thu, 04/30/2015 - 09:47 Comment #1
Howdy -- just to clarify, you're saying things work properly without the htaccess file, but when it's in place, you receive that 403 error?
If that's the case --
It's tough to say which of those lines might be triggering the 403 error you're seeing.
However, that could be determined with some troubleshooting.
What you may want to try is commenting out one of the lines in your .htaccess, then reloading phpMyAdmin.
If phpMyAdmin loads, then you found the culprit -- perhaps you could keep that one particular line commented out.
If phpMyAdmin doesn't load, you can try commenting out the next line and then reloading phpMyAdmin... just keep commenting out lines and reloading the page until your site loads properly, and that should help you identify which line is causing the problem.
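The line-by-line elimination described in Comment #1 can also be done offline by testing a failing request against each rule's regex. This is an added example, not part of the original thread: `blocking_rules` is a hypothetical helper, the rule excerpt is copied from the post above, the sample request is constructed, and Python's `re` only approximates Apache's PCRE matching.

```python
import re

# Excerpt of the .htaccess from the post above; pass the full file text in practice.
HTACCESS_EXCERPT = r"""
RedirectMatch 403 (?i)([a-zA-Z0-9]{18})
RedirectMatch 403 (?i)(https?|ftp|php)\:/
RewriteCond %{REQUEST_URI} !^/$ [NC]
RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR]
RewriteCond %{QUERY_STRING} ([a-zA-Z0-9]{32}) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteRule .* - [F,L]
"""

# RedirectMatch is tested against the URL path only, not the query string.
REDIRECT = re.compile(r"^RedirectMatch\s+403\s+(\S+)\s*$")
# Only %{QUERY_STRING} conditions are evaluated here; other RewriteCond lines are skipped.
QUERY_COND = re.compile(
    r"^RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")

def blocking_rules(htaccess_text, path, query=""):
    """Return (line_no, directive) for every rule whose regex matches the request."""
    hits = []
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()          # commented-out rules start with '#' and never match
        m = REDIRECT.match(line)
        if m:
            subject, pattern, flags = path, m.group(1), 0
        else:
            m = QUERY_COND.match(line)
            if not m:
                continue
            subject, pattern = query, m.group(1)
            flags = re.I if "NC" in (m.group(2) or "") else 0
        try:
            if re.search(pattern, subject, flags):
                hits.append((no, line))
        except re.error:            # pattern valid for PCRE but not for Python's re
            hits.append((no, "UNPARSED " + line))
    return hits

if __name__ == "__main__":
    # Constructed sample request: a path plus a query carrying a 32-character token.
    sample_path = "/phpmyadmin/index.php"
    sample_query = "token=0123456789abcdef0123456789abcdef&db=test"
    for no, rule in blocking_rules(HTACCESS_EXCERPT, sample_path, sample_query):
        print(f"line {no}: {rule}")
```

Take the path and query string of a request that returned 403 from the Apache access log and pass them in with the full .htaccess text; the returned lines are the ones to comment out first when retesting.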
Submitted by jimdunn on Fri, 05/01/2015 - 07:35 Pro Licensee Comment #2
Ok, yes, it causes phpMyAdmin to 403 error when using Virtualmin PRO.
But phpMyAdmin works fine when using Virtualmin GPL.
QUESTION: Could you suggest which 403 line might be causing it? Thx!
Submitted by andreychek on Fri, 05/01/2015 - 09:42 Comment #3
Sorry I'm really not sure which line it might be, the best way to learn that would be to troubleshoot the issue by commenting out the lines as described above. That should only take a couple of minutes to test though.
As far as Virtualmin Pro vs GPL -- is it possible that those two servers have different phpMyAdmin versions installed?
If the distribution version is different, it's possible that one of the servers isn't running as recent a phpMyAdmin version. That may explain why it's working on one server and not the other.
Submitted by jimdunn on Fri, 05/01/2015 - 14:09 Pro Licensee Comment #4
All 4 of my machines have the same exact images, same versions of phpMyAdmin, php, apache, etc.
The only difference, is that 1 has Virtualmin PRO, the other 3 have Virtualmin GPL.
Thx, I'll start testing.
Submitted by andreychek on Fri, 05/01/2015 - 14:13 Comment #5
The phpMyAdmin Install Script for Virtualmin Pro and GPL should be the same.
If the OS itself is the same version, in theory that would mean the phpMyAdmin installs themselves should function the same as well.
I'm not quite sure what would be causing the issue you're seeing, unfortunately. However, let us know what you find with your testing.