I got this error on my Cpanel server. It doesn't happen on every update, just some SQL.
[Sat Mar 11 03:48:18.409435 2017] [:error] [pid 31376:tid 140202228020992] [client 180.253.119.171] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "254"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname ""] [uri "/app/marketwatch/edit-listing.php"] [unique_id "WMO50kPhgfkAAHqQRtMAAACP"]
What usually cause SQL Injection error and how to get rid of this error?
解决方案
So, the mod_security got a false positive. I don't know somehow it uses modsec rule id 300015 instead of 300016 like usual and caught on false security rule. You can notice the id in [id "300015"]. So I edited modsec whitelisting in file /usr/local/apache/conf/modsec2/whitelist.conf and add this:
# Disable generic SQL injection rules globally
# for Drupal content admin
#might vary depending your code
# This is the important part
SecRuleRemoveById 300015
SecRuleRemoveById 300015
Don't forget to restart Apache afterward so it will take effect.
UPDATE
Somehow the configuration location changes to /etc/apache2/conf.d/modsec2/whitelist.conf