I have an application that I run on an intranet server running Tomcat, with CentOS 7 as the OS.

I recently installed an SSL from ZeroSSL.

The URL https://rndops.iitg.ac.in/rndops/action.htm throws an error:

403 (FORBIDDEN. You don't have permission to access /rndops/action.htm on this server.)

The URL https://rndops.iitg.ac.in/rndops/login.htm works fine.

I have given 777 permissions on the project folder rndops inside tomcat/webapps, and also to /var/www/html.

I have also tried setting

AllowOverride All
Require all granted

in httpd.conf, but to no avail.

Any help would be greatly appreciated.

Edit: ssl_error_log shows this entry:

ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+$)" at ARGS:displayStatus. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:displayStatus: display:inline;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rndops.iitg.ac.in"] [uri "/rndops/action.htm"] [unique_id "X7yNB3JcqvhTem6@Xc8pbgAAAAo"], referer: https://rndops.iitg.ac.in/rndops/viewForm.htm

Andrew Schulman
  • Check the error log on the server. The error log will generally display more of the actual reason than what a site visitor gets to see in their web browser. – Bob Nov 23 '20 at 11:14
  • I have been monitoring the logs but all it states are the same 403 code and sometimes a 302 code. 302 probably because it redirects immediately to a controller function. – Sarthak Roy Nov 23 '20 at 11:26
  • You are looking at the wrong log. As previously mentioned you need to look at the error log. – Michael Hampton Nov 23 '20 at 12:25
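
To triage an entry like the one in the question, the following added example (not part of the original post) parses a ModSecurity error-log line into its fields and splits the data field to show which request parameter and value the rule matched. The sample line is reconstructed from the entry above with the rule's pattern elided; the function names are illustrative.

```python
import re

# Constructed sample: the ssl_error_log entry from the question, with the
# rule's "Pattern match" regex elided and some tags dropped for brevity.
SAMPLE = (
    'ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." '
    'at ARGS:displayStatus. [file "/etc/httpd/modsecurity.d/activated_rules/'
    'modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] '
    '[msg "SQL Injection Attack: Common Injection Testing Detected"] '
    '[data "Matched Data: ; found within ARGS:displayStatus: display:inline;"] '
    '[severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] '
    '[tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] '
    '[hostname "rndops.iitg.ac.in"] [uri "/rndops/action.htm"]'
)

ACTION = re.compile(r'ModSecurity: (.+?) with code (\d{3}) \(phase (\d)\)')
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s\[]+?)?)\.\s')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DATA = re.compile(r'Matched Data: (.*?) found within (\S+?): (.*)')


def parse_entry(line):
    """Return the entry's fields as a dict, or None if no ModSecurity action is logged."""
    action = ACTION.search(line)
    if action is None:
        return None
    target = TARGET.search(line)
    entry = {
        "action": action.group(1),
        "status": int(action.group(2)),
        "phase": int(action.group(3)),
        "target": target.group(1) if target else None,
        "tags": [],
    }
    for key, value in FIELD.findall(line):
        if key == "tag":  # tags repeat, so collect them in a list
            entry["tags"].append(value)
        else:
            entry[key] = value
    return entry


def matched_data(entry):
    """Split the [data ...] field into (matched text, variable, full value)."""
    m = DATA.search(entry.get("data", ""))
    return m.groups() if m else None
```

For the entry above, this reports rule 981318 matching the text ; in ARGS:displayStatus, whose full value was display:inline;.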

0 Answers