ModSecurity/SecRequestBodyAccess does not play well with intercept_form_submit_module in Apache HTTPD.

Solution Unverified - Updated -

Issue

  • When ModSecurity/SecRequestBodyAccess is set to On, POSTed form inputs are not passed to PHP.
  • The trace logging differs depending on whether SecRequestBodyAccess is set to On or Off:
- `SecRequestBodyAccess On`

[Sat May 19 20:06:15.887090 2018] [core:trace3] [pid 7241] request.c(304): [client 127.0.0.1:45214] request authorized without authentication by access_checker_ex hook: /abc.php, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887174 2018] [intercept_form_submit:debug] [pid 7241] mod_intercept_form_submit.c(416): [client 127.0.0.1:45214] intercept_form_submit_init invoked, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887190 2018] [intercept_form_submit:debug] [pid 7241] mod_intercept_form_submit.c(440): [client 127.0.0.1:45214] inserted filter intercept_form_submit_filter, starting intercept_form_submit_filter_prefetch, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887194 2018] [intercept_form_submit:debug] [pid 7241] mod_intercept_form_submit.c(348): [client 127.0.0.1:45214] hit EOS, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887598 2018] [:error] [pid 7241] [client 127.0.0.1:45214] PHP Notice:  Undefined index: username in /var/www/html/rob.php on line 3, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887614 2018] [:error] [pid 7241] [client 127.0.0.1:45214] PHP Notice:  Undefined index: password in /var/www/html/rob.php on line 5, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887781 2018] [headers:debug] [pid 7241] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Sat May 19 20:06:15.887803 2018] [http:trace3] [pid 7241] http_filters.c(1129): [client 127.0.0.1:45214] Response sent with status 200, headers:, referer: http://127.0.0.1/abc.php

- `SecRequestBodyAccess Off`

[Sat May 19 20:04:27.423030 2018] [core:trace3] [pid 7001] request.c(304): [client 127.0.0.1:45200] request authorized without authentication by access_checker_ex hook: /abc.php, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423107 2018] [intercept_form_submit:debug] [pid 7001] mod_intercept_form_submit.c(416): [client 127.0.0.1:45200] intercept_form_submit_init invoked, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423122 2018] [intercept_form_submit:debug] [pid 7001] mod_intercept_form_submit.c(440): [client 127.0.0.1:45200] inserted filter intercept_form_submit_filter, starting intercept_form_submit_filter_prefetch, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423136 2018] [intercept_form_submit:info] [pid 7001] [client 127.0.0.1:45200] login found in POST: username=sgdf, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423142 2018] [intercept_form_submit:info] [pid 7001] [client 127.0.0.1:45200] password found in POST: password=[REDACTED], referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423493 2018] [authnz_pam:warn] [pid 7001] [client 127.0.0.1:45200] PAM authentication failed for user sgdf: System error, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.424291 2018] [headers:debug] [pid 7001] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Sat May 19 20:04:27.424315 2018] [http:trace3] [pid 7001] http_filters.c(1129): [client 127.0.0.1:45200] Response sent with status 200, headers:, referer: http://127.0.0.1/abc.php
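
To find affected requests in a larger error log, the following added example (not part of the original article or of either module) flags requests whose trace matches the `SecRequestBodyAccess On` pattern above: the filter hit EOS without reporting a login or password field. The function name `classify` and the verdict labels are this example's own, and grouping by pid and client assumes one request per connection in the excerpt.

```python
import re
from collections import defaultdict

# Lines copied from the two traces above (abridged to the relevant ones).
SAMPLE_LOG = """\
[Sat May 19 20:06:15.887190 2018] [intercept_form_submit:debug] [pid 7241] mod_intercept_form_submit.c(440): [client 127.0.0.1:45214] inserted filter intercept_form_submit_filter, starting intercept_form_submit_filter_prefetch, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887194 2018] [intercept_form_submit:debug] [pid 7241] mod_intercept_form_submit.c(348): [client 127.0.0.1:45214] hit EOS, referer: http://127.0.0.1/abc.php
[Sat May 19 20:06:15.887598 2018] [:error] [pid 7241] [client 127.0.0.1:45214] PHP Notice:  Undefined index: username in /var/www/html/rob.php on line 3, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423122 2018] [intercept_form_submit:debug] [pid 7001] mod_intercept_form_submit.c(440): [client 127.0.0.1:45200] inserted filter intercept_form_submit_filter, starting intercept_form_submit_filter_prefetch, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423136 2018] [intercept_form_submit:info] [pid 7001] [client 127.0.0.1:45200] login found in POST: username=sgdf, referer: http://127.0.0.1/abc.php
[Sat May 19 20:04:27.423142 2018] [intercept_form_submit:info] [pid 7001] [client 127.0.0.1:45200] password found in POST: password=[REDACTED], referer: http://127.0.0.1/abc.php
"""

# Error-log prefix as seen above: [time] [module:level] [pid N] [file(line):] [client ip:port] msg
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[(?P<module>[^:\]]*):[^\]]+\] \[pid (?P<pid>\d+)\] "
    r"(?:\S+\(\d+\): )?\[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)

# Message prefixes emitted by mod_intercept_form_submit in the traces above.
MARKERS = {"inserted filter": "filter", "hit EOS": "eos",
           "login found in POST": "login", "password found in POST": "password"}

def classify(log_text):
    """Return {(pid, client): verdict} for every request the filter logged."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["module"] != "intercept_form_submit":
            continue  # other modules (core, headers, PHP notices) are ignored
        for prefix, tag in MARKERS.items():
            if m["msg"].startswith(prefix):
                seen[(int(m["pid"]), m["client"])].add(tag)
    verdicts = {}
    for key, tags in seen.items():
        if {"login", "password"} <= tags:
            verdicts[key] = "credentials-seen"         # the "Off" trace
        elif "eos" in tags:
            verdicts[key] = "eos-without-credentials"  # the "On" trace
        else:
            verdicts[key] = "inconclusive"             # trace cut short
    return verdicts

if __name__ == "__main__":
    for (pid, client), verdict in classify(SAMPLE_LOG).items():
        print(pid, client, verdict)
```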

Environment

  • Red Hat Enterprise Linux
    • 6.x, 7.x
