I don't host there ... this is for someone else who does ...
Was creating a page resource in a course of a 3.5.highest of Moodle - code git acquired.
Went to save the page and got the dreaded Error 500 page. Internal Server Error ... blah, blah, blah.
URL: /course/modedit.php
In the customer/account area web server logs:
xx.xx.xx.xx - - [24/Dec/2018:09:33:51 -0500] "POST /site/course/modedit.php HT
TP/1.1" 404 - "https://server/site/course/modedit.php?add=page&type=&course
=4§ion=1&return=0&sr=0" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:64
.0) Gecko/20100101 Firefox/64.0"
404 is an apache error - NOT FOUND - file is there and owerships/permissions are correct.
After an hour or two of looking around, finally ... find the main apache server logs.
I find the error 500 and 404 which is what is returned by mod_security ... grumble, grumble ...
ModSecurity: Access denied with code 500
msg "Generic SQL injection protection"
The rule:
The rule:
#Generic SQL sigs
SecRule ARGS "((alter|create|drop):space:+(column|database|procedure|table)|delete:space:+from|update.+set.+=)" "id:300015,t:lowercase,rev:1,severity:2,msg:'Generic SQL injection protection'"
In the /modsec2/exclude.conf file I see quite a few entries for things like wordpresses, joomla's, other PHP based web apps ... none for Moodle.
Could venture guesses like:
# moodle
<LocationMatch "/course/modedit.php">
SecRuleRemoveById 300015
</LocationMatch>
But rather than spend what might be hours and hours ... and testing anything/everything that Moodle does, thought I'd ask community ...
Now the question ...
Has anyone a set of mod_security rules for Moodle?
Thanks, in advance ... and have a Merry, Merry!
'spirit of sharing', Ken