[resolved] You don't have permission to access /scp/queues.php on this server.

niklik

Hi all, I'm trying to add a column to a queue either from admin panel or the agent panel and i can't. In more detail if I try from the agent panel it loads for ever and i get the following error messages in the Plesk logs:

2020-01-30 00:08:03 Error XXX.XXX.XXX.XXX 403 POST /scp/ajax.php/tickets/search/save HTTP/1.0 https://mydomain.net/scp/tickets.php Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362 598 Apache access

2020-01-30 00:08:03 Error XXX.XXX.XXX.XXX [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\b(?:t(?:able_name\\b|extpos[^{a-zA-Z0-9]{1,}\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column(?:id|name)|mb_users|object(?:id|(?:nam|typ)e)|pg(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:columns[1][column_id]. [file "/etc/httpd/conf/modsecurity.d/rules/comodo/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mydomain.net|F|2"] [data "Matched Data: column_id found within ARGS_NAMES:columns[1][column_id]: columns[1][column_id]"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mydomain.net"] [uri "/scp/ajax.php/tickets/search/save"] [unique_id "XjICQ4nYBqymgWCJfaVNnwAAAGA"], referer: https://mydomain.net/scp/tickets.php Apache error}

But from the admin panel when I add the column and hit Create then I get a 403 Forbidden page saying "You don't have permission to access /scp/queues.php on this server."

On Plesk logs i see the following:

2020-01-30 00:18:08 Error XXX.XXX.XXX.XXX 403 POST /scp/queues.php? HTTP/1.0 https://mydomain.net/scp/queues.php?t=tickets&a=add Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 580 Apache access

2020-01-30 00:18:08 Error XXX.XXX.XXX.XXX [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\b(?:t(?:able_name\\b|extpos[^{a-zA-Z0-9]{1,}\\}()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column(?:id|name)|mb_users|object(?:id|(?:nam|typ)e)|pg(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:columns[1][column_id]. [file "/etc/httpd/conf/modsecurity.d/rules/comodo/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mydomain.net|F|2"] [data "Matched Data: column_id found within ARGS_NAMES:columns[1][column_id]: columns[1][column_id]"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mydomain.net"] [uri "/scp/queues.php"] [unique_id "XjIEoPbOzlWg0eXc27tcdwAAAK0"], referer: https://mydomain.net/scp/queues.php?t=tickets&a=add Apache error

Anyone any idean whats might be the issue?

osTicket Version v1.12.5 (933bb1f) — Up to date
Web Server Software Apache
MySQL Version 10.2.27
PHP Version 7.1.33

ntozier

niklik ModSecurity: Access denied

You are running Apache module called mod_security. It is prohibiting access to certain files. You will need to read the mod_security docs to re-write the rule blocking it.

niklik

OK I did that and the issue is resolved.
Thanks

ntozier

Great glad to hear it. I'll mark this as resolved and please feel free to start a new thread if you have another question.