Fix the rules in mod security - mysql

I have install mod security 2.5.12
i got the error 403 Forbidden for some php file
So it is false positive
i want to disable the rule for this perticular warning
So can any one tell me that how can i know the rule for this error in mod security file??

In the mod_security.log file is written the line and the rule. For example:
Message: Access denied with connection close (phase 2). Matched phrase "msnbot" at REQUEST_HEADERS:User-Agent. [file "/home/oscar/conf/mod_sec_default_action.conf"] [line "28"] [id "60008"]
You should add or modify the SecAuditEngine parameter to begin to log in httpd.conf, with the value
SecAuditEngine On
, or
SecAuditEngine RelevantOnly
The rule information appears in the file you have especified in SecAuditLog in httpd.conf.
SecAuditLog /logs/mod_security.log

Related

ESP32 cannot upload code write_flash error

I'm getting this error on Arduino(1.8.9).
usage: esptool write_flash [-h] [--erase-all]
[--flash_freq {keep,40m,26m,20m,80m}]
[--flash_mode {keep,qio,qout,dio,dout}]
[--flash_size FLASH_SIZE]
[--spi-connection SPI_CONNECTION] [--no-progress]
[--verify] [--compress | --no-compress]
<address> <filename> [<address> <filename> ...]
esptool write_flash: error: argument <address>
<filename>: [Errno 2] No such file or directory:'/home/USER/.arduino15/packages/esp32/hardware/esp32/1.0.2/tools/partitions/boot_app0.bin'
esptool write_flash: error: argument <address> <filename>: [Errno 2] No such file or directory: '/home/USER/.arduino15/packages/esp32/hardware/esp32/1.0.2/tools/partitions/boot_app0.bin'
Although boot_app0.bin file is present:
image link
To fix this problem you can try to edit the platform.txt file which you can find in your esp package directory.
So, you need to replace inner section with code written below:
## Combine gc-sections, archives, and objects
recipe.c.combine.pattern={recipe.hooks.linking.prelink.1.pattern} & "{compiler.path}{compiler.c.elf.cmd}" {build.exception_flags} -Wl,-Map "-Wl,{build.path}/{build.project_name}.map" {compiler.c.elf.flags} {compiler.c.elf.extra_flags} -o "{build.path}/{build.project_name}.elf" -Wl,--start-group {object_files} "{archive_file_path}" {compiler.c.elf.libs} -Wl,--end-group "-L{build.path}" & {recipe.objcopy.hex.1.pattern}
The key thing here is "{recipe.hooks.linking.prelink.1.pattern} &" at start and "& {recipe.objcopy.hex.1.pattern}" at the end. The text between is the part of the platform.txt file, that you dont need to change.
The above is true for OS Windows. In OS Linux set {recipe.hooks.linking.prelink.1.pattern} ;" and "; {recipe.objcopy.hex.1.pattern}".
Its solve my problem for ESP8266, I hope its will be helpful for you too.
Reference link https://www.eclipse.org/forums/index.php/t/1095090/
if you are using esptool. Make sure you actually download the files from github using the download button instead of using the save as option when u right click on the file name.

Composer->does not contain valid JSON

Using: composer search 'tokens'command the IDE threw this error. I can't search neither download packages from: packagist.org
C:\ProgramData\ComposerSetup\bin\composer.bat search fosuserbundle
[Seld\JsonLint\ParsingException]
"http://packagist.org/packages.json" does not contain valid JSON
Parse error on line 1:
<HTML><HEAD><meta h
^
Expected one of: 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '['
search [-N|--only-name] tokens1 ... [tokensN]
In windows machine, I've followed all these steps and get back in a correct behaviour (my problem was happening with composer require, but I believe it's the same as you described using composer search or if we would be using composer install for example. So, let´s see the steps:
Update composer (`composer self-update)
Disable IPV6 (as pointed in official docs, misconfigured IPV6 setting is a common source of issues)
Delete (or rename to repo_temp) your folder %LOCALAPPDATA%\Composer\repo (in order to have all contents updated)
Delete (or rename to vendor_temp) your vendor folder inside your project (in order to force composer to download all components again, and as pointed in this thread comment)
After doing these steps, in my, case, the issue was gone!
Message before (ERROR):
> composer require ...
...
"https://packagist.org/packages.json" does not contain valid JSON
Parse error on line 1:
▼\\\\\\♥��ݎ♀���
^
Expected one of: 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '['
https://packagist.org could not be fully loaded, package information was loaded from the local cache and may be out of date
Message after doing the steps (OK)!:
> composer require ...
...
Writing lock file
Generating autoload files

Config.php -error when logging in

After updating to 2.1.7 I get an error in the backend saying
" Warning: Invalid argument supplied for foreach() in /domains/domaindomain.nl/DEFAULT/src/Config.php on line 641
Warning: Cannot modify header information - headers already sent by (output started at /domains/ityhardy.nl/DEFAULT/src/Config.php:641) in /domains/ityhardy.nl/DEFAULT/src/Users.php on line 287
"
Using SQLite on this site.
Frontend seems to work fine.
I must add that at the time of updating I was making small changes in contenttypes.yml, don't know in which exact order I did what.
Found it: There was a stray “uses” in the wrong field somewhere in contenttypes.yml

Perl issues regarding mysql:Can't locate object method "connect" and Can't use string ("") as a HASH

I'm currently trying to run NERVE a vaccine development program that is made up of Perl scripts and have trouble getting it to run properly. I've downloaded and installed all prerequisites but every time I reach the mysql step of the code, it crashes, and an error message says: Can't locate object method "connect" via package "Mysql" (perhaps you forgot to load "Mysql"?) at ./NERVE line 340, line 5. I took a look at the code and changed "use mysql" to "use DBI" and "use DBD:mysql" but then I get the error: Can't use string ("") as a HASH ref while "strict refs" in use at /usr/local/lib/perl/5.14.2/DBI.pm line 604, line 5.
I would appreciate if anyone could look the code over for the mysql section and give me advice on how to fix it so I can run the program properly. I tried emailing the developers but no response so I'm hoping you guys can help me.
Below is the perl code for NERVE for the mysql section.
use mysql;
$db=Mysql->connect("$host","$database","$user","$password");
if(!$db || (!$host || !$database || !$user || !$password)){
print "\nAttention: mysql connection parameters are missing or not correct!\n";
print "I need you to specify: host, database, user, password;\n";
print "You can do it now typing them right in that order and separeted only by comma;\n";
print "For example:localhost,Pathogens,sandro,xvzhs\n";
print "So, your Mysql connection settings are (type q to quit):";
while (!($db && $mysql =~ /,/) & $mysql ne "q"){
chomp($mysql = <STDIN>);
die "Ok,let's quit this work! Call me when your mind is clearer about Mysql parameters! Bye :-)\n" if $mysql eq "q";
($host,$database,$user,$password) = split (',',$mysql);
$db=Mysql->connect("$host","$database","$user","$password");
last if($db && $mysql =~ /,/);
print "\nMysql connection settings still not correct!\n";
print "Remember: host, database, user, password, separeted only by comma.\n";
print "For example:localhost,Pathogens,sandro,xvzhs\n";
print "Please, try again:";
}
print "Ok, Mysql connection to \"$database\" database was successful!\n";
}
The error message is correct. You are attempting to use a module named , but you never loaded it. Change
use mysql;
to
use Mysql;
to use that module. In the comments, you mention that results in
Can't locate Mysql.pm in #INC
Unless you have reason to believe the module is installed, that indicates it needs to be installed[1]
That module used to be part of the DBD-mysql distribution, but it's obsolete. It's so ancient it was removed from DBD some years ago. To obtain it, you will need to downgrade your DBD-mysql distribution to version 3.0008.
That's pretty awful thing to do. The script should have DBI instead.
cjm points
since the Mysql.pm in 3.0008 is just a compatibility layer using DBI under the hood, you should be able to install Mysql.pm & Mysql/Statement.pm from that old dist along with a current DBD-mysql.
So if you extract Mysql.pm from the distro I linked above as /usr/lib/perl5/Mysql.pm and Mysql/Statement.pm as /usr/lib/perl5/Mysql/Statement.pm, you should have an easy pain-free solution.
In newer versions of Perl, the error message has been improved. It now reads as follows:
Can't locate Mysql.pm in #INC (you may need to install the Mysql module)

IF and ! = ns2 error

I have a problem with path in a tcl file. I tried to use
source " /tmp/mob.tcl "
and this path in bash file :
/opt/ns-allinone-2.35/ns-2.35/indep-utils/cmu-scen-gen/setdest/setdest -v 1 -n $n -p 10 -M 64 -t 100 -x 250 -y 250 >> /tmp/mob.tcl
The terminal give me this output:
..."
(procedure "source" line 8)
invoked from within
"source "/tmp/mob.tcl" "
(file "mobilita_source.tcl" line 125)
How I can do this?
Firstly, this:
source " /tmp/mob.tcl "
is very unlikely to be correct. The spaces around the filename inside the quotes will confuse the source command. (It could be correct, but only if you have a directory in your current directory whose name is a single space. That's really unlikely, unless you're a great deal more evil than I am.)
It really helps a lot if you stop making this error.
Secondly, the error message is both
Incomplete, with just an ellipsis instead of a full error on the first line
Really worrying, with source claimed to be a procedure (second line of that short trace).
It's legal to make a procedure called source, and sometimes the right thing to do, but if you're doing it then you have to be ever so careful to duplicate the semantics of the standard Tcl command or odd things will happen.
Thirdly, you've got a file of what is apparently generated code, and you're hitting a problem in it, and you're not telling us what is on/around line 125 of the file (the error trace is pretty clear on that front) or in the contents of the source procedure (which is non-standard; the standard source is implemented in C) and you're expecting us to guess what's going wrong for you??? Seriously?
Tcl error traces are usually quite clear enough for you to figure out what went wrong and where. If there's an unclear error, and it didn't come from user code (by calling error or return -code error) then let us know; we'll help (or possibly even change Tcl to make things clearer in the future). But right now, there's a complete shortage of information.
Here's an example of what a normal source error looks like:
% source /tmp/foo/bar/boo
couldn't read file "/tmp/foo/bar/boo": no such file or directory
% puts $errorInfo
couldn't read file "/tmp/foo/bar/boo": no such file or directory
while executing
"source /tmp/foo/bar/boo"
If a script generates an error directly, it's encouraged to be as clear as that, but we cannot enforce it. Sometimes you have to be a bit of a detective yourself…