#4842 jquery.cookie.js triggers default Apache mod_security rules

Group: 3.5.1
Status: wont-fix
Owner: nobody
Priority: High
Updated: 2015-04-08
Created: 2015-04-06
Private: No

The header of the JavaScript loader is getting error 406 in some Linux distributions. I believe it's because of mod_security. The main file that causes the problem is js/jquery/jquery.cookie.js

This problem was identified and discussed in many forums, like https://forum.jquery.com/topic/jquery-cookie-js-triggers-default-apache-mod-security-rules

So, I made a small hack to the core file "libraries\Header.class.php" in the PMA_Header::_addDefaultScripts() method. I just renamed the above file [as many others suggested, to $this->_scripts->addFile('jquery/jquery-cookie.js');] and that solved my issue, i.e. I just renamed that file from jquery.cookie.js to jquery-cookie.js and that solves the issue.

Hope the phpMyAdmin team will solve this problem in the next release.

Thanks

Related

Bugs: #4842

Discussion

  • Isaac Bennetch

    Isaac Bennetch - 2015-04-06

    Hello,

    Thanks for the detailed report.

    It appears as if this overzealous mod-security rule has been fixed with the Core Rule Set version 2.0.8, which was released in 2010.

    The first thing I suggest is to update your rule set and see if that fixes the problem. Your Core Rule Set version number should be listed as part of the error message in the log.

     
  • shahadat hossain khan

    I understand, but the problem is that my client uses shared hosting. So neither he nor I have access to change or update the rule set. I believe phpMyAdmin is for everybody, whether on shared hosting or dedicated.

    I have used this tool since I learned to use MySQL. At that time I would copy and paste the project onto the server and it worked. But nowadays it doesn't work until I configure them correctly. I think this behavior needs to be looked into deeply.

    Thanks

     
  • Marc Delisle

    Marc Delisle - 2015-04-07

    Please clarify: there are many other filenames with two dots under our js/jquery structure; don't you have to rename all of these to fly under the mod_security radar?

    (Sorry, now that I have read the full thread, I see that it's ".cookie" that triggers the rule.)

     

    Last edit: Marc Delisle 2015-04-07
    • shahadat hossain khan

      No, I just renamed the one filename that I reported above to fly under the mod_security issue. - Thanks

       On Wednesday, April 8, 2015 1:28 AM, Marc Delisle <lem9@users.sf.net> wrote:
      

      Please clarify: there are many other filenames with two dots under our js/jquery structure; don't you have to rename all of these to fly under the mod_security radar?

      [bugs:#4842] jquery.cookie.js triggers default Apache mod_security rules

      Status: open
      Group: 3.5.1
      Labels: jquery cookie apache mod_security jquery.cookie.js
      Created: Mon Apr 06, 2015 09:12 AM UTC by shahadat hossain khan
      Last Updated: Tue Apr 07, 2015 06:47 AM UTC
      Owner: nobody

       


    • Isaac Bennetch

      Isaac Bennetch - 2015-04-08

      Right Marc, as you see it's a regular expression with the modsecurity rule set that was a bit too restrictive and stopped any files with a .cookie in the file name. It's been fixed for some time and I'm not sure it's our responsibility to work around the issue, but in cases where the host refuses to update their rule set it does block access.

      Added to the team meeting agenda at https://wiki.phpmyadmin.net/pma/2015-04_Meeting

       
  • Marc Delisle

    Marc Delisle - 2015-04-08

    In a team discussion, we decided against renaming this file.

     
  • Marc Delisle

    Marc Delisle - 2015-04-08
    • status: open --> wont-fix
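
The first reply in this thread says the Core Rule Set version should be listed in the logged error message. As an added example (not part of the original thread or of phpMyAdmin), this Python sketch pulls ModSecurity denials for `.cookie` URIs out of an Apache error log and compares the logged version with 2.0.8. The log lines are constructed, the rule id, rule file and pattern are placeholders, and it assumes the version is carried in the rule's `rev` or `ver` tag.

```python
import re

FIXED_IN = (2, 0, 8)  # CRS release named in the thread as containing the fix

# Constructed sample lines in the ModSecurity 2.x Apache error-log layout.
# Rule ids, rule files, patterns and the rev value are placeholders, not the real rule.
SAMPLE_LOG = """\
[Mon Apr 06 09:10:01 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "PLACEHOLDER" at REQUEST_FILENAME. [file "/etc/modsecurity/PLACEHOLDER.conf"] [line "1"] [id "000000"] [rev "2.0.5"] [msg "constructed sample"] [hostname "db.example.test"] [uri "/phpmyadmin/js/jquery/jquery.cookie.js"] [unique_id "AAAA"]
[Mon Apr 06 09:10:02 2015] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Mon Apr 06 09:10:03 2015] [error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/OTHER.conf"] [line "2"] [id "000001"] [msg "constructed sample"] [hostname "db.example.test"] [uri "/index.php"] [unique_id "BBBB"]
"""

DENIED = re.compile(r"ModSecurity: Access denied with code (\d{3})")
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] pairs
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def crs_version(tags):
    """Return the CRS version as a tuple from the ver or rev tag, else None."""
    for key in ("ver", "rev"):
        m = VERSION.search(tags.get(key, ""))
        if m:
            return tuple(int(p) for p in m.groups())
    return None

def blocked_requests(log_text, needle=".cookie"):
    """Collect ModSecurity denials whose request URI contains `needle`."""
    hits = []
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue  # not a ModSecurity denial
        tags = dict(TAG.findall(line))
        if needle not in tags.get("uri", ""):
            continue
        version = crs_version(tags)
        hits.append({
            "status": int(denied.group(1)),
            "uri": tags["uri"],
            "rule_id": tags.get("id"),
            "rule_file": tags.get("file"),
            "crs_version": version,
            # True only when a version was logged and it is older than the fix
            "predates_fix": version is not None and version < FIXED_IN,
        })
    return hits

if __name__ == "__main__":
    for hit in blocked_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `predates_fix` set to `True` is the case the thread describes: the block comes from an outdated rule set on the host, not from phpMyAdmin itself.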