Page 1 of 1
Common Issues Upgrading from 3.0.1.8 and below
Posted: 27 Mar 2017 11:43
by shawniverson
Common Issues you may encounter when upgrading from 3.0.1.8 and below.
Browser cache may need cleared after update --
viewtopic.php?f=13&t=2271
Table upgrades may fail when tables are marked as crashed --
viewtopic.php?f=13&t=2270 and
viewtopic.php?f=13&t=2274
Not enough disk space to upgrade --
viewtopic.php?f=13&t=2280
Certain password strings may appear as an attack to mod_security and result in a Forbidden message (see below for how to fix).
Re: Common Issues Upgrading to 3.0.1.9
Posted: 27 Mar 2017 20:35
by shawniverson
Several of these issues will be fixed in a 3.0.2.0 maintenance release, which will be coming out soon.
Update (edited): 3.0.2.0 is out now, issues resolved are removed from the above list.
Re: Common Issues Upgrading to 3.0.1.9
Posted: 28 Mar 2017 22:35
by AITCS
Looking forward to it... having several issues since the update unfortunately.
Thanks for the great work so far.
Re: Common Issues Upgrading to 3.0.1.9
Posted: 31 Mar 2017 12:21
by bostjanc
One more thing, dunno it's regarding any EFA upgrades or pushing yum updates lately on Efa appliance.
Today when I have analyzed some mail delivery (less /var/log/maillog) I have noticed a lot of errors:
"warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual "
Is this anything regarding EFA updates?
With best regards
Re: Common Issues Upgrading to 3.0.1.9
Posted: 31 Mar 2017 20:21
by shawniverson
That comes up from time to time. Just run
And reload postfix.
Re: Common Issues Upgrading from 3.0.1.8 and below
Posted: 09 Apr 2017 17:01
by Triumf
Just updated and having this issue accessing the web after logging in:
Code: Select all
Forbidden
You don't have permission to access /mailscanner/checklogin.php on this server.
Looks like password too suspicious
Code: Select all
[severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Re: Common Issues Upgrading from 3.0.1.8 and below
Posted: 09 Apr 2017 17:03
by shawniverson
Triumf wrote: ↑09 Apr 2017 17:01
Just updated and having this issue accessing the web after logging in:
Can you share with me what you are seeing in /var/log/httpd error logs when you try to log in?
Re: Common Issues Upgrading from 3.0.1.8 and below
Posted: 09 Apr 2017 17:09
by Triumf
Looks familiar with this thread:
viewtopic.php?f=13&t=2283
Code: Select all
[Sun Apr 09 19:56:06 2017] [error] [client xxxxxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:mypassword. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] ...
My password contains only letters and numbers
Re: Common Issues Upgrading from 3.0.1.8 and below
Posted: 09 Apr 2017 17:16
by shawniverson
Add this to the end of /etc/httpd/conf.d/mod_security.conf in the eFa exceptions block at the end:
And restart httpd.
Re: Common Issues Upgrading from 3.0.1.8 and below
Posted: 09 Apr 2017 17:19
by Triumf
Thanks! Haven't noticed exception part in another thread.