Mailwatch error 3.0.1.9 upgrade

adrian.leigh
Posts: 7
Joined: 27 Mar 2017 10:30

Mailwatch error 3.0.1.9 upgrade

Post by adrian.leigh »

I am getting the following error trying to log in to MailWatch after a 3.0.1.9 upgrade that went through with no issues.
I have tried clearing cache and used another machine and browser.

Forbidden

You don't have permission to access /mailscanner/checklogin.php on this server.

Many thanks,
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Mailwatch error 3.0.1.9 upgrade

Post by shawniverson »

Take a look at the error logs in /var/log/httpd and see what is happening when you try to access MailWatch.

This might give us some insight.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Mailwatch error 3.0.1.9 upgrade

Post by AITCS »

Could this possibly be caused by someone attempting to log in/hack MailWatch whilst you are already logged in?

The same error just occurred to me on one server after I'd been working on it for ~10 mins.
The following line came out of error_log:

[Tue Mar 28 09:32:30 2017] [error] [client 93.174.93.136] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.baidu.com"]...
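Added example, not part of any post in this thread: a small Python parser for ModSecurity entries in the httpd error_log that counts which rule ids actually denied requests under /mailscanner/, so denials of your own login can be told apart from unrelated traffic hitting other rules. The sample log lines, client addresses, hostnames and messages are constructed, and the layout assumed is the ModSecurity 2.x error_log format with its `[uri "..."]` field.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x error_log layout
# (documentation IPs, placeholder messages); not taken from a real server.
SAMPLE_LOG = """\
[Tue Mar 28 09:32:30 2017] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [id "960015"] [msg "Request Missing an Accept Header"] [hostname "scanner.example"] [uri "/"] [unique_id "AAAA"]
[Tue Mar 28 09:33:02 2017] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:password. [id "981173"] [msg "constructed message"] [hostname "efa.example"] [uri "/mailscanner/checklogin.php"] [unique_id "BBBB"]
[Tue Mar 28 09:33:02 2017] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Tue Mar 28 09:34:11 2017] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match at ARGS:password. [id "981249"] [msg "constructed message"] [hostname "efa.example"] [uri "/mailscanner/checklogin.php"] [unique_id "CCCC"]
[Tue Mar 28 09:35:40 2017] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:password. [id "981173"] [msg "constructed message"] [hostname "efa.example"] [uri "/mailscanner/checklogin.php"] [unique_id "DDDD"]
"""

CLIENT_RE = re.compile(r"\[client ([^\]\s]+)\]")
# Matches the quoted metadata fields, e.g. [id "960015"] or [uri "/x"].
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_modsec_line(line):
    """Return a dict for a ModSecurity error_log entry, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    client = CLIENT_RE.search(line)
    entry = {"client": client.group(1) if client else None,
             "denied": "Access denied" in line, "tags": []}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            entry["tags"].append(value)      # tag repeats, so keep them all
        else:
            entry.setdefault(key, value)     # first occurrence wins
    return entry


def denials_for(log_text, uri_prefix):
    """Count (rule id, client) pairs for requests denied under uri_prefix."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_modsec_line(line)
        # Truncated entries without a uri field are skipped, not guessed at.
        if e and e["denied"] and e.get("uri", "").startswith(uri_prefix):
            hits[(e.get("id"), e["client"])] += 1
    return hits


if __name__ == "__main__":
    for (rule_id, client), n in denials_for(SAMPLE_LOG, "/mailscanner/").most_common():
        print(f"rule {rule_id} denied {client} {n} time(s)")
```

Against a real server, pass the contents of the error_log under /var/log/httpd instead of `SAMPLE_LOG`; entries logged as `Warning` are ignored because they did not block the request.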
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: Mailwatch error 3.0.1.9 upgrade

Post by BliXem »

Try this:

In mod_security add:

SecRuleRemoveById 950109
SecRuleRemoveById 981173
SecRuleRemoveById 981249

and try again.
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Mailwatch error 3.0.1.9 upgrade

Post by shawniverson »

This and several other false positives resolved in 3.0.2.0.