Add new task crashes server because of Apache ModSecurity #5216
Replies: 4 comments
-
See https://docs.kanboard.org/en/1.2.23/admin_guide/requirements.html#compatible-web-servers
-
Thanks for the quick reply! Don't know how I missed that..
-
Can nothing be done on Kanboard's end to make it compatible?
-
Looks like enabling URL rewrite and updating the code base to add the missing routes might work. For reference: https://docs.kanboard.org/v1/admin/url-rewriting/
-
So far this project looks amazing!
Checklist
Actual behaviour
When I'm in the board view and try to add a new task, nothing happens. When I switch to list or other view, my server crashes. According to the logs, it's due to ModSecurity doing something.
Expected behaviour
Show the add new task modal.
Logs
[client 2001:1c00:2490:8700:e41a:79e2:eb47:f9c4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\b(?:t(?:able_name\\b|extpos[^a-zA-Z0-9_]{1,}\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:column_id. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||work.ndijk.com|F|2"] [data "Matched Data: column_id found within ARGS_NAMES:column_id: column_id"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "work.ndijk.com"] [uri "/"] [unique_id "YxkGa@1Y-B3zLYJEAxdINwAAAE8"]
Configuration
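For triaging a false positive like the one logged above, the sketch below (an added example, not code from this thread or from Kanboard) parses ModSecurity error-log lines, counts hits per rule id and matched variable, and prints a narrowly scoped exclusion for that one parameter name. `SAMPLE` is a constructed, shortened copy of the posted line; the suggested `SecRuleUpdateTargetById` directive assumes ModSecurity 2.x and must be loaded after the Comodo rule files.

```python
import re
from collections import Counter

# Constructed sample, shortened from the log line in the post above: the rule's
# regex is elided and the client address replaced with a documentation address.
SAMPLE = (
    '[client 2001:db8::1] ModSecurity: Access denied with code 403 (phase 2). '
    'Pattern match "..." at ARGS_NAMES:column_id. '
    '[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] '
    '[line "17"] [id "211540"] [rev "13"] '
    '[msg "COMODO WAF: Blind SQL Injection Attack||work.ndijk.com|F|2"] '
    '[data "Matched Data: column_id found within ARGS_NAMES:column_id: column_id"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [uri "/"]'
)

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata
TARGET_RE = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')    # variable the rule matched
ACTION_RE = re.compile(r'ModSecurity: (.+?) \(phase (\d)\)')


def parse_event(line):
    """Return rule id, target, action, phase and metadata from one log line."""
    event = {"tags": []}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            event["tags"].append(value)
        else:
            event[key] = value
    target = TARGET_RE.search(line)
    action = ACTION_RE.search(line)
    event["target"] = target.group(1) if target else None
    event["action"] = action.group(1) if action else None
    event["phase"] = int(action.group(2)) if action else None
    return event


def triage(lines):
    """Count hits per (rule id, target) so recurring false positives stand out."""
    events = [parse_event(l) for l in lines if "ModSecurity:" in l]
    return Counter((e.get("id"), e["target"]) for e in events)


def suggest_exclusion(event):
    """Propose an exclusion only for one named member, never a whole collection."""
    target = event.get("target")
    if not event.get("id") or not target or ":" not in target:
        return None
    return f'SecRuleUpdateTargetById {event["id"]} "!{target}"'
```

Calling `suggest_exclusion(parse_event(SAMPLE))` yields a directive that removes only `ARGS_NAMES:column_id` from rule 211540, leaving the rule active for every other argument.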