Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
1
vote
1 answer

How to debug modsecurity_audit_log

I was accessing www.example.com/RestAPI/index.php/tweets.json on my server. The modsec_audit.log showed the following error, but there are no related errors/warnings in modsec_debug.log. I could see the Internal Server Error is logged in…
max87
1
vote
1 answer

Configuring mod_security on Ubuntu 10.04

After spending ~24 hours trying and failing to set up mod_security in Ubuntu 10.04 LTS, I've finally decided that I'm going to need some help. I've tried pretty much every tutorial I can find with a variety of rule sets - and I never seem to get the…
1
vote
2 answers

How do I enable mod_security in Ubuntu 10.04?

A quick run-through of what I've done: apt-get install libapache-mod-security; a2enmod mod-security; create /etc/apache2/mod_security_rules/ with base_rules and optional_rules from the latest core rules set; create /etc/apache2/conf.d/mod_security as…
Andrew
1
vote
2 answers

mod_security never tells what the problem is

Normally I would just pester my provider to disable the rule. And while he certainly deserves pestering, I've done that way too often already for the low service price. (Like always this is about a mod_security rule that's just a blacklisting entry…
mario
1
vote
3 answers

Where does Ubuntu 10.04 store the configuration file of mod-security?

I've installed libapache-mod-security on Ubuntu 10.04. The only configuration file I've been able to find is this one: # cat /var/lib/dpkg/info/libapache-mod-security.conffiles /etc/apache2/mods-available/mod-security.load However, this does not…
ReinoutS
1
vote
2 answers

Why doesn't my mod_security catch / log anything?

I installed mod_security on my Ubuntu GNU/Linux server but when I send some simple requests to the web server that should match even the simplest rules, I fail to see any alerts or any log files that were supposed to exist in /var/log/apache2. What…
Emre Sevinç
1
vote
2 answers

What web application firewall do you use? What should I use?

What web application firewall do you use? I'm primarily interested in something I can deploy on the perimeter that can protect multiple Apache and IIS servers, but I'd like to hear all answers. Tell me a little bit about how many servers it…
1
vote
1 answer

how to control apache mod-security for IP-address

I have mod security installed on my server. It is working for all IP addresses. Now I need to EXCLUDE specific IP addresses from applying this mod-security. How can I do so? Is there a way to control it using apache?
Alaa Alomari
1
vote
1 answer

Simple, current how-to install mod-security on cPanel server?

Does anyone have or know of a simple, up-to-date how-to for installing mod-security on cPanel and configuring it after install? Every how-to on the web I've found is at least two years old and is based on a mod-security addon function in cPanel…
linux911
1
vote
2 answers

What is the difference between an Audit Log and a regular Log (In the context of mod_security)?

I am using mod_security. What is the difference between an audit log (audit trail) and a normal log? I read on Wikipedia that an audit log is a log of user activity; if this is the case, what would you need another log for - is it for system based…
Joshua Enfield
1
vote
0 answers

ModSecurity: Block all IPs except for a list of defined IPs

I have an apache server with ModSecurity. I need to block all IPs except for a few ones. The list of IPs is like…
Jacobo
1
vote
1 answer

How to get the remote hostname resolved through DNS when using Nginx and ModSecurity?

The question "mod_security with OWASP CRS: Custom rule for whitelisting googlebot" provides the following rule as the answer to verify the client's hostname: SecRule REMOTE_HOST "@rx google(bot|)\.com$" "id:50000,nolog,allow" This rule was meant to…
Ronaldo
1
vote
2 answers

Apache modsec + ssl proxy loop

I have a server where we have the following setup: http://example.com -(REDIRECT)-> https://example.com Now we would like to add a simple SSL proxy (on the same machine where the A record is also pointing to) that will do the…
1
vote
1 answer

mod_security: How to log POST requests for specific URI ONLY?

I am currently running Apache 2.4.25 on Debian 9.8. I'm trying to set up mod_security to log POST request payloads for a specific URI. I have several APIs on a Debian server and I have to log all of them except 2. I tried to log only one URI for…
1
vote
2 answers

ModSecurity blocks legitimate client requests

Randomly, modsecurity blocks legitimate client requests, giving the error 403. Here is para of the modsec_audit.log: ---d6e99f36-A-- [21/Jun/2020:07:14:45 +0100] Xu761X8AAAEAADI1YrAAAABQ xxx.xxx.xxx.xxx 60036 xxx.xxx.xxx.xxx…