Page 1 of 1

Common Issues Upgrading from 3.0.1.8 and below

Posted: 27 Mar 2017 11:43
by shawniverson
Common Issues you may encounter when upgrading from 3.0.1.8 and below.

Browser cache may need cleared after update -- viewtopic.php?f=13&t=2271

Table upgrades may fail when tables are marked as crashed -- viewtopic.php?f=13&t=2270 and viewtopic.php?f=13&t=2274

Not enough disk space to upgrade -- viewtopic.php?f=13&t=2280

Certain password strings may appear as an attack to mod_security and result in a Forbidden message (see below for how to fix).

Re: Common Issues Upgrading to 3.0.1.9

Posted: 27 Mar 2017 20:35
by shawniverson
Several of these issues will be fixed in a 3.0.2.0 maintenance release, which will be coming out soon.

Update (edited): 3.0.2.0 is out now, issues resolved are removed from the above list.

Re: Common Issues Upgrading to 3.0.1.9

Posted: 28 Mar 2017 22:35
by AITCS
Looking forward to it... having several issues since the update unfortunately.
Thanks for the great work so far.

Re: Common Issues Upgrading to 3.0.1.9

Posted: 31 Mar 2017 12:21
by bostjanc
One more thing, dunno it's regarding any EFA upgrades or pushing yum updates lately on Efa appliance.
Today when I have analyzed some mail delivery (less /var/log/maillog) I have noticed a lot of errors:
"warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual "

Is this anything regarding EFA updates?
With best regards

Re: Common Issues Upgrading to 3.0.1.9

Posted: 31 Mar 2017 20:21
by shawniverson
That comes up from time to time. Just run

Code: Select all

sudo postmap /etc/postfix/virtual
And reload postfix.

Re: Common Issues Upgrading from 3.0.1.8 and below

Posted: 09 Apr 2017 17:01
by Triumf
Just updated and having this issue accessing the web after logging in:

Code: Select all

Forbidden

You don't have permission to access /mailscanner/checklogin.php on this server.
Looks like password too suspicious :)

Code: Select all

[severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] 

Re: Common Issues Upgrading from 3.0.1.8 and below

Posted: 09 Apr 2017 17:03
by shawniverson
Triumf wrote: 09 Apr 2017 17:01 Just updated and having this issue accessing the web after logging in:
Can you share with me what you are seeing in /var/log/httpd error logs when you try to log in?

Re: Common Issues Upgrading from 3.0.1.8 and below

Posted: 09 Apr 2017 17:09
by Triumf
Looks familiar with this thread: viewtopic.php?f=13&t=2283

Code: Select all

[Sun Apr 09 19:56:06 2017] [error] [client xxxxxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:mypassword. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] ...
My password contains only letters and numbers

Re: Common Issues Upgrading from 3.0.1.8 and below

Posted: 09 Apr 2017 17:16
by shawniverson
Add this to the end of /etc/httpd/conf.d/mod_security.conf in the eFa exceptions block at the end:

Code: Select all

SecRuleRemoveById 981260
And restart httpd.

Code: Select all

sudo service httpd restart

Re: Common Issues Upgrading from 3.0.1.8 and below

Posted: 09 Apr 2017 17:19
by Triumf
Thanks! Haven't noticed exception part in another thread.