nickg
September 3, 2014, 3:32pm
1
bonjour
j’ai a avant l’installationd de piwik :
403
La requête GET vers piwik.php a échoué. Essayez d’ajouter cette URL en liste blanche de mod_security et de l’authentification HTTP.
Après avoir effectué ces modifications, redémarrez votre serveur web.
mod_security n’est pas actif chez mon hébergeur.
j’ai bien regardé les différents messages à ce sujets mais je n’y comprend pas trop et encore moins pour deviner la solution :
http://piwik.org/faq/troubleshooting/#faq_100
http://forum.piwik.org/read.php?2,88617,page=1#msg-98619
opened 02:42AM - 08 Sep 12 UTC
closed 04:49AM - 05 Oct 21 UTC
Task
wontfix
Help wanted
c: Usability
not-in-changelog
Reported in: #2997, some work was done in the early days in #1460
- Hostgator us… ers need to contact their host to disable mod_security. Hundreds of piwik users have had to [contact their hosts](http://forum.piwik.org/read.php?2,44561,page=1#msg-44871) to disable mod_security.
- There are several known issues with Piwik and mod_security!
- [this thread](http://sourceforge.net/p/mod-security/mailman/message/32173108/) and [here](https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-September/000864.html)
```
I have found that almost all rules in modsecurity_crs_41_sql_injection_attacks.conf need
!REQUEST_COOKIES:/^_pk_ref.*/|!REQUEST_COOKIES:/^__utmz$/|!ARGS:gclid
for google adwords, google analytics and piwik to work ok with mod_security.
```
- [this one](http://forum.piwik.org/read.php?2,114386,page=1#msg-116260)
```
Pattern match "\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:pattern. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "20"] [id "1234123440"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
U4n-qUIt@YIADWbyzkUAAAB1 86.112.15.155 35095 66.45.249.132 80
--74545369-B--
```
As a proposed solution to inform users of potential issues early:
- Write a system check entry to check for mod_security and issue Warning if it is detected.
- Suggest to user that it is OK to disable mod_security for Piwik app.
- Maybe in this system check message we could also link [to FAQ](http://piwik.org/faq/troubleshooting/faq_100/) and this FAQ could list the rules to disable in the mod_security config. if some users reading here may contribute them?
See similar #5081
merci pour l’aide
matthieu
(Matthieu Aubry)
September 18, 2014, 12:51am
2
Ce bug devrait etre corrige sur Piwik 2.6.1 ! merci du rapport