Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

1

vote

2 answers

modsecurity whitelist to allow file downloads?

I have a site that has modsecurity enabled but I am receiving 403 Forbidden when trying to access PDF documents on the server through the web site. Is there a way to whitelist pdf files to allowed to be served through the site or a possible…

apache-2.2 mod-proxy mod-security

asked Aug 14 '13 at 14:56

jeffci

121
1
5

1

vote

1 answer

mod_security to Inspect Post Variables

Can mod_security be used to inspect post variables? It looks like I can through turning SecRequestBodyAccess. I would like to check the username POST field from a form in wp-login.php. If it's value is "admin", I want to return an error and block…

mod-security

asked Aug 07 '13 at 02:32

Jared Pomranky

11
4

1

vote

0 answers

short Apache outages (VPS, ModSecurity)

I have a problem with my site recently hosted at Liquidweb, none of their techs seems to be able to solve this issue even after days. Was hoping I could get some help here. Occasionally, my site's HTTP will not respond - usually 2-3 times a day. It…

apache-2.2 vps http mod-security

asked May 09 '13 at 14:30

user173106

11
1

1

vote

1 answer

Apache vhost-specific logging

I have the following apache setting (in conf.d/owasp-modsecurity.conf): SecAuditLog "/var/www/vhosts/${lowercase:%{SERVER_NAME}}/statistics/logs/modsec_audit.log" When I do httpd -t I get the following error: Syntax error on line 15 of…

apache-2.2 logging mod-security

asked Apr 24 '13 at 08:16

Christian

462
5
22

1

vote

1 answer

Limit mod_security rule to one vhost only

I run several domains (via vhosts) with the same apache installation. Some domains require different mod_security rules than the others. In a seperate exceptions.conf file I collect all those rules and have this syntax: …

apache-2.2 virtualhost mod-security domain

asked Apr 23 '13 at 07:52

powtac

639
2
6
19

1

vote

2 answers

Blocking bad bots

I found this script and was wondering if this is just overkill and even worth using? Is it better for me to just use mod_security? # Generated using http://solidshellsecurity.com services # Begin block Bad-Robots from robots.txt User-agent:…

linux .htaccess mod-security robots.txt

asked Apr 17 '13 at 01:52

Tiffany Walker

6,541
13
53
77

1

vote

1 answer

Mod_security2 and clamav to catch malicious files on upload

Is there a clear documentation to describe the solution? It's very common and also necessary.

upload mod-security clamav anti-virus

asked Apr 04 '13 at 01:09

smhnaji

609
2
11
24

1

vote

1 answer

Dropping incoming requests for a specific file with iptables

Server is a standard LAMP stack configured via cpanel on CentOS 5.9. We have one file, call it bad.php, on one of our domains that is mistakenly being accessed about 10 times a second by a service provider. The file no longer exists, and we want to…

apache-2.2 iptables firewall mod-security

asked Mar 07 '13 at 02:09

Nathan Stretch

171
1
15

1

vote

1 answer

How do I include a rule set with ModSecurity on IIS?

I'm using ModSecurity 2.7.1 on IIS 7.5 / Windows 2008 R2. I've reference my base set up conf file in my Web.Staging.config of a site like so: How do I…

windows-server-2008 iis-7 asp.net mod-security

asked Dec 11 '12 at 07:02

autonomatt

133
5

1

vote

3 answers

ModSecurity compile error on nginx

I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the…

nginx centos6 mod-security

asked Nov 21 '12 at 16:07

user146481

19
1
3

1

vote

1 answer

mod_security2.so: undefined symbol: ap_unixd_set_gl

service httpd restart Stopping httpd: [ OK ] Starting httpd: httpd: Syntax error on line 205 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_security2.so into server:…

linux apache-2.2 mod-security

asked Oct 25 '12 at 19:04

Thompson Smith

49
2
6

1

vote

1 answer

Nginx with mod_security support

I have compiled nginx with mod_security support. In error log I can see the support for mod_security 2012/08/27 11:13:11 [info] 602096#0: ModSecurity for nginx/2.7.0-rc2 (http://www.modsecurity.org/) configured. 2012/08/27 11:13:11 [info]…

nginx reverse-proxy mod-security

asked Aug 27 '12 at 12:19

Hex

1,939
10
17

1

vote

1 answer

mod_security: track user to check if redirected to login failed page

I have to log when a user fails to log in to a web application. Unfortunately, this web application is not able to do this out of the box and I can not change it. Now I'm experimenting with mod_security. My idea is to track the POST request, extract…

mod-security

asked Aug 23 '12 at 07:50

mr51m0n

11
1

1

vote

1 answer

apt-get update Error

I get the following error when typing: # apt-get update W: Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/etch/Packages 404 Not Found [IP: 80.28.139.208 80] E: Some index files failed to download. They have been…

debian apt update mod-security

asked May 22 '12 at 08:34

h00j

378
6
21

1

vote

2 answers

error: libxml2 is required (modsecurity)

I am trying to install mod_security from source. when i run ./configure I get this error: configure: error: libxml2 is required After that error, I executed this command: yum install libxml2 It installed libxml2 properly. However, I'm still…

mod-security

asked Mar 25 '12 at 19:24

Kashif

473
9
20

Questions tagged [mod-security]