Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
1
vote
0 answers

mod_evasive triggering client denied by server configuration: from SquirrelMail download.php

mod_evasive is triggering the below errors from SquirrelMail on Apache 2.4.43-1 on Fedora 31. And since this causes a 403 Forbidden error, Fail2ban is also triggered and blocks the IP, as it appears that the IP tries to access the 403 page 14 times…
RobbieTheK
1
vote
0 answers

ModSecurity, Create an IP Blacklist file

We have a list of IPs that we want blocked. I currently have them blocked at the firewall; I would like to create a file that ModSecurity will read, and block those IPs. This is a pretty big list, as it has been created over a couple of years. Is there…
Seth
1
vote
0 answers

Modsecurity...Host header is a numeric IP address Cannot serve directory no matching directoryindex

My system is Debian 9, Apache2, php-fpm. I am experiencing an error with one of the websites on my webserver. I have tried adding an index.html file into the public_html directory (and disabling htaccess and WordPress index.php), however it appears to…
adam
1
vote
1 answer

ModSecurity not writing to new rotated log files?

I have the following log rotation set up in the OS for nginx's and modsec's logs, and it works for nginx's logs but not for modsec's. The result for modsec is that it made a copy of the log file but it keeps on writing to the old one as…
skwokie
1
vote
1 answer

Apache too many child process - mpm_event caught SIGTERM shutting down

My Apache with ModSecurity and mod_evasive20 enabled occasionally crashes. This is a glimpse of the error log: [core:warn]**: child process 24709 still did not exit, sending a SIGTERM [core:error]**: child process 24709 still did not exit, sending a…
TheMonkeyKing
1
vote
1 answer

mod_security default_SESSION.pag file huge size

The default_SESSION.pag file is showing 575G, though df -h is showing less: /dev/xvda1 40G 19G 19G 51% / What is this default_SESSION.pag file actually used for? It is updated when there are entries coming into the error log. Mutex ssl-stapling-refresh:…
0
votes
1 answer

Apache2 error "ModSecurity: Found another rule with the same id" Ubuntu18.04

Downloaded v3.2.0 from https://coreruleset.org/installation/, following the instructions located in the file INSTALL. But Apache cannot start and returns this error - AH00526: Syntax error on line 800 of /etc/apache2/crs/crs-setup.conf: яну 19 01:36:09…
0
votes
1 answer

Can mod_security be configured to create log only?

I've installed mod_security on openSUSE and want to make it log only. I want absolutely no blocking or filtering of any kind. I've created a config file as: SecAuditEngine On SecAuditLog /siteA/user/logs/mod.log SecAuditLogParts ABIZ This is…
Rocket
0
votes
1 answer

Modsecurity only allow access from two particular REFERER HEADERs

I have a Modsecurity rule which blocks all requests where the browser Referer Header is different from this: sub1.example.com. So basically the rule only allows requests when the Header Referer is sub1.example.com: SecRule REQUEST_HEADERS:REFERER…
user3132858
0
votes
1 answer

ModSecurity dependency not found?

1. yum groupinstall 'Development tools' 2. yum install -y geoip-devel libcurl-devel libxml2-devel libxslt-devel libgb-devel lmdb-devel openssl-devel pcre-devel perl-ExtUtils-Embed yajl-devel zlib-devel 3. cd /opt 4. git clone --depth 1 -b v3/master…
Isaac
0
votes
1 answer

Drop and Nolog HTTP CONNECT request with modsecurity

In my virtualhost I have this modsecurity setup: SecRuleEngine On SecRule REQUEST_METHOD "@streq CONNECT" "id:1,nolog,drop,phase:1" Despite the 'nolog' instruction, I got the CONNECT request with a 403 forbidden error in the Apache access log. Why? I need…
Giuseppe
0
votes
1 answer

mod security blocking basic authentication

I have a VPS with CentOS 7, Apache with mod_security and mod_evasive. I have a form in PHP with basic authentication. When I try to authenticate through the application (it worked before activating mod security), it appears in the logs that entered the…
Mylon
0
votes
1 answer

mod_security X-Forwarded-For not being blocked

I made some changes to my config as per this suggestion: SecAction \ "id:901321,\ phase:1,\ pass,\ t:none,\ nolog,\ initcol:global=global,\ initcol:ip=%{x-forwarded-for}_%{tx.ua_hash},\ …
Yes Barry
0
votes
0 answers

Logging POST request body in modsecurity

Hello, I'm using libmodsecurity (4e6e4243|v3.0.3) on nginx (1.15.12) with the connector being the current master (d7101e13685) and OWASP CRS on (ab24a20faf28156f0|v3.1.0). I am trying to log the POST request body (C part in modsecurity) on a specific…
ateam
0
votes
1 answer

ModSecurity CRS 3 - Disable SQLi Rule For URI Pattern

I am trying to disable rule 942100 (an SQLi rule) when certain values are present in the URI, but apache won't start so something is wrong. My attempt (in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf): SecRule ARGS "@rx…
Yes Barry