Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

16

votes

5 answers

mod_security block requests by http-host header

The last few days I noticed some servers being hammered with unknown requests. Most of them are like the following: 60.246.*.* - - [03/Jan/2015:20:59:16 +0200] "GET…

asked Jan 03 '15 at 19:13

Cha0s

2,432
2
15
26

13

votes

4 answers

mod_security - PCRE limits exceeded

Just about on every request I am getting the following error: Rule execution error - PCRE limits exceeded (-8): (null). After a bunch of googling the only solutions seem to be a) Add the following in your httpd.conf SecPcreMatchLimit…

apache-2.2 mod-security pcre

asked Mar 08 '12 at 04:16

ParoX

302
1
6
21

12

votes

3 answers

Disable modsecurity For a Specific Directory

How do you disable modsecurity for just a specific directory. I'm getting errors in phpMyAdmin that are caused by modsecurity tripping based on rules. I have the following files set up: #…

apache-2.2 centos httpd mod-security

asked Aug 21 '09 at 15:28

dragonmantank

483
3
12
19

12

votes

2 answers

What are PCRE limits?

In ModSecurity there are PCRE limits exceeded errors. I know I can fix this by setting rules such as: SecPcreMatchLimit 150000 SecPcreMatchLimitRecursion 150000 But, what are these rules actually doing? What does the PCRE limit recursion set to…

regex mod-security pcre

asked Jul 16 '12 at 19:36

user101130

9

votes

7 answers

Test whether mod_security is actually working

I'm running this on my staging server for the first time and I think I did everything correctly. I can see entries in modsec_audit.log when I run nikto2 against it, but for the life of me I can't manually make mod_security block anything. I've…

mod-security

asked Nov 07 '14 at 16:54

DrZaiusApeLord

1,174
2
9
18

8

votes

2 answers

Why does mod_security require an ACCEPT HTTP header field?

After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD"…

apache-2.2 http mod-security

asked Apr 08 '12 at 11:53

ripper234

5,710
9
40
49

7

votes

1 answer

How to get mod_security to log all POST data?

I currently have a CentOS system that is successfully logging relevant mod_security actions to the audit log file. The following is my configuration: SecRuleEngine On SecAuditEngine RelevantOnly SecAuditLog…

apache-2.2 mod-security

asked May 27 '15 at 17:59

Chris

263
2
4
9

7

votes

2 answers

Why does modsecurity require Content-Length in POST requests?

I have a RESTful web service that accepts a POST request to a resource without an entity body, e.g. an empty POST request. The default modsecurity configuration requires that all POST requests have a Content-Length: # Require Content-Length to be…

http mod-security

asked Sep 16 '09 at 00:33

toolbear74

213
2
8

6

votes

2 answers

Good free guide for mod_security?

I have looked at the official sites documentation, and it is a little tough to find starting points. Is there a free comprehensive guide that is easy to understand for someone that has never dealt with mod_security?

apache-2.2 security mod-security

asked Apr 21 '10 at 23:01

Joshua Enfield

3,404
8
41
58

5

votes

2 answers

How to include ModSecurity request final action in the Apache access.log

I'm currently using ModSecurity 2.7 and Apache 2.4.7 on Ubuntu Trusty. I would like to use Apache's LogFormat and CustomLog directives so that I can include a field indicating whether ModSecurity decided to allow a request to proceed or whether it…

apache-2.4 ubuntu-14.04 mod-security

asked Aug 05 '15 at 23:56

Jason Stangroome

345
7
21

5

votes

1 answer

SecAuditLogParts not working: mod_security keeps logging response body

I have set SecAuditLogParts in modsecurity.conf to just log ABFH, but the modsecurity audit log keeps logging -E- part (response body) which makes the audit log too big. What can I do to disable response body logging?

mod-security

asked Dec 13 '14 at 19:04

san671

51
1
5

5

votes

1 answer

how to whitelist a certain cookie string in ModSecurity

We are getting a lot of False Positives from using 3rd part software on our server. They themselves can't seem to fix it and I'm trying to work out how to allow cookies through that contain "CERTAINSTRING_" Below is an example of one of the bans. …

mod-security

asked Dec 17 '13 at 23:02

starchild

97
1
5

5

votes

1 answer

ModSecurity on Apache (Debian Wheezy), Authentication logging

I am new to ModSecurity, it works great on the server, but I would like to control the way it logs things. For example as I am troubleshooting my website in order to whitelist or correct php coding problems so that I can have a clean…

apache-2.2 debian authentication mod-security

asked Nov 17 '13 at 18:29

durduvakis

51
5

5

votes

1 answer

Enable Mod_Security for only one website

Is there a way to dis-able mod-security for all websites? except one? i have more than 500 websites hosted, only want to turn it on for one website, which is having attacks on it.

apache-2.2 mod-security

asked Mar 13 '13 at 07:50

Farhan

4,210
9
47
76

5

votes

2 answers

How do I find out if mod_security is installed on my apache server?

How can I find out if mod_security is installed on my apache server? I would also like to learn its version. I'm having some upload issues and I tried to disable mod_security using .htaccess. But that started producing 500 internal server errors. I…

apache-2.2 centos mod-security

asked Feb 25 '10 at 09:25

Haluk

903
2
15
20

Questions tagged [mod-security]