ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
334 questions
1 vote, 0 answers
mod_evasive triggering client denied by server configuration: from SquirrelMail download.php
mod_evasive is triggering the below errors from SquirrelMail on Apache 2.4.43-1 on Fedora 31. And since this causes a 403 Forbidden error, Fail2ban is also triggered and blocks the IP, as it appears that the IP tries to access the 403 page 14 times…
RobbieTheK
1 vote, 0 answers
ModSecurity, Create an IP Blacklist file
We have a list of IPs that we want blocked.
I currently have them blocked at the firewall; I would like to create a file that ModSecurity will read, and block those IPs.
This is a pretty big list, as it has been created over a couple years.
Is there…
Seth
1 vote, 0 answers
Modsecurity...Host header is a numeric IP address Cannot serve directory no matching directoryindex
My system is:
Debian 9
Apache2
php-fpm
I am experiencing an error with one of the websites on my web server.
I have tried adding an index.html file into the public_html directory (and disabling htaccess and wordpress index.php), however it appears to…
adam
1 vote, 1 answer
ModSecurity not writing to new rotated log files?
I have the following log rotation set up in the OS for nginx's and modsec's logs, and it works for nginx's logs but not for modsec's. The result for modsec is that it made a copy of the log file but it keeps on writing to the old one as…
skwokie
1 vote, 1 answer
Apache too many child process - mpm_event caught SIGTERM shutting down
My Apache, with ModSecurity and mod_evasive20 enabled, occasionally crashes.
This is a glimpse of the error log:
[core:warn]**: child process 24709 still did not exit, sending a SIGTERM
[core:error]**: child process 24709 still did not exit, sending a…
TheMonkeyKing
1 vote, 1 answer
mod_security default_SESSION.pag file huge size
The default_SESSION.pag file shows 575G, though df -h shows less.
/dev/xvda1 40G 19G 19G 51% /
What is this default_SESSION.pag file actually used for? It is updated when there are entries coming into the error log.
Mutex ssl-stapling-refresh:…
Valsaraj Viswanathan
0 votes, 1 answer
Apache2 error "ModSecurity: Found another rule with the same id" Ubuntu18.04
Downloaded v3.2.0
https://coreruleset.org/installation/ following the instructions located in the file INSTALL
But Apache cannot start and returns this error:
AH00526: Syntax error on line 800 of /etc/apache2/crs/crs-setup.conf:
яну 19 01:36:09…
Denislav Karagiozov
0 votes, 1 answer
Can mod_security be configured to create log only?
I've installed mod_security on openSUSE and want to make it log only.
I want absolutely no blocking or filtering of any kind.
I've created a config file as:
SecAuditEngine On
SecAuditLog /siteA/user/logs/mod.log
SecAuditLogParts ABIZ
This is…
Rocket
0 votes, 1 answer
Modsecurity only allow access from two particular REFERER HEADERs
I have a Modsecurity rule which blocks all requests where the browser Referer Header is different from this: sub1.example.com.
So basically the rule only allows requests when the Header Referer is sub1.example.com:
SecRule REQUEST_HEADERS:REFERER…
user3132858
0 votes, 1 answer
ModSecurity dependency not found?
1. yum groupinstall 'Development tools'
2. yum install -y geoip-devel libcurl-devel libxml2-devel libxslt-devel libgb-devel lmdb-devel openssl-devel pcre-devel perl-ExtUtils-Embed yajl-devel zlib-devel
3. cd /opt
4. git clone --depth 1 -b v3/master…
Isaac
0 votes, 1 answer
Drop and Nolog HTTP CONNECT request with modsecurity
In my virtual host I have this ModSecurity setup:
SecRuleEngine On
SecRule REQUEST_METHOD "@streq CONNECT" "id:1,nolog,drop,phase:1"
Despite the 'nolog' instruction, I get the CONNECT request with a 403 Forbidden error in the Apache access log. Why?
I need…
Giuseppe
0 votes, 1 answer
mod security blocking basic authentication
I have a VPS with CentOS 7 and Apache with mod_security and mod_evasive. I have a form in PHP with basic authentication. When I try to authenticate through the application (which worked before activating mod security), it appears in the logs that entered the…
Mylon
0 votes, 1 answer
mod_security X-Forwarded-For not being blocked
I made some changes to my config as per this suggestion:
SecAction \
"id:901321,\
phase:1,\
pass,\
t:none,\
nolog,\
initcol:global=global,\
initcol:ip=%{x-forwarded-for}_%{tx.ua_hash},\
…
Yes Barry
0 votes, 0 answers
Logging POST request body in modsecurity
Hello, I'm using libmodsecurity (4e6e4243|v3.0.3) on nginx (1.15.12) with the connector being the current master (d7101e13685) and OWASP CRS on (ab24a20faf28156f0|v3.1.0).
I am trying to log the POST request body (C part in modsecurity) on a specific…
ateam
0 votes, 1 answer
ModSecurity CRS 3 - Disable SQLi Rule For URI Pattern
I am trying to disable rule 942100 (an SQLi rule) when certain values are present in the URI, but Apache won't start, so something is wrong.
My attempt (in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf):
SecRule ARGS "@rx…
Yes Barry