Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
0
votes
1 answer

ModSecurity, expirevar wont work

I've enabled modsecurity in my nginx k8s ingress using this guide, then I've added the following custom rules to block potential brute force attack # Block by ip # Retrieve the username SecAction "phase:2,log,pass,initcol:ip=%{REMOTE_ADDR}" #…
Gigitsu
  • 103
  • 1
  • 3
0
votes
2 answers

Can Modsecurity detect and block infected client computers that connect to a server?

I have the latest version of Modsecurity (as of March 25th 2019) installed on my server. I am using OWASP rulesets along with fail2ban on Linux. I know it is designed to block hacking attempts. Should I assume that people who are not attempting…
User6655
  • 11
  • 5
0
votes
1 answer

Updating ModSecurity when using OWASP rule sets

I am somewhat new to Modsecurity and still have a long way to go so bear with me. Ubuntu 18.04 I'm currently running Modsecurity 2.9.2-1 and OWASP rules 3.0.2 I would like to update the rules to what's currently available on github, which is…
User6655
  • 11
  • 5
0
votes
0 answers

My nginx log not read the web activity in real time

I am confused, my nginx log does not read the web activity in real time. The log will tell what happens after several time (it is hours ). Do you know why? Thanks
Abdul
  • 1
  • 1
0
votes
1 answer

ModSecurity for Apache 2.4.34 Failing with Invalid command 'SecRuleEngine'

I have A Ubuntu 18.04 server, installed Apache 2.4.34, and have compiled ModSecurity 3 with the apache module. I can successfully load the module, by adding: LoadModule security3_module modules/mod_security3.so to my httpd.conf and testing with…
Kevin
  • 133
  • 1
  • 2
  • 14
0
votes
0 answers

Apache modsecurity and htaccess which comes first?

Are htaccess rules executed before modsecurity rules? Sending illegal requests to couple of domains some of them trigger modsecurity but some of them with same illegal requests are not showing modsecurity forbidden message but 404 instead.
titus
  • 404
  • 6
  • 17
0
votes
1 answer

Mod security syntax error

when i ran the command apache2ctl configtest it is showing this error AH00526: Syntax error on line 193 of /etc/modsecurity/modsecurity.conf: ModSecurity: Failed to open the audit log file: /var/log/apache2/modsec_audit.log and on line 193…
Sony
  • 103
  • 1
  • 6
0
votes
0 answers

PHP is not working after installing ModSecurity for NGINX on Ubuntu 16.04

My server is running on Ubuntu 16.04. One of my web app(php app) was running on my nginx server. To install ModSecurity I removed the NGINX completely and then followed the following steps to complie and install ModSecurity for NGINX as a Dynamic…
Mushfiqur Rahman
  • 101
  • 1
0
votes
1 answer

SPOE and modsecurity contrib Failed to decode HELLO frame

I'm compile modsec as described in the instructions contib/modsec/README, but have the next errors: # /usr/local/bin/modsecurity -n 4 -d -f /etc/haproxy/waf/modsecurity.conf 1534409877.286475 [00] ModSecurity for nginx (STABLE)/2.9.2…
Pavel Loginov
  • 1
  • 1
0
votes
1 answer

mod_security and apt-get

hi can anyone help me with mod_security configuration... I have installed mod_security on ubuntu 9.04 lamp server,... but now I want to install anything and type apt-get install program, it keeps saying that they all depend on mod_security... and…
asel
0
votes
3 answers

Docker multi-stage build with nginx and modsecurity - cannot open shared object

I have created a docker multi-stage build to be able to end up with a small, lean container with the most recent nginx version and some modules compiled from source. At the end I copy over the binary and a few other files to the final container -…
binaryanomaly
  • 406
  • 1
  • 4
  • 14
0
votes
1 answer

Mod_security exclusion not fully working, still blocking CSS and images

I have put either of the following in my rules: SecRule REQUEST_URI "@beginsWith /directory" "phase:1,id:12345,allow" SecRule REQUEST_URI "@beginsWith /directory" "phase:1,id:12345,ctl:ruleEngine=off" When I browse…
user3080539
  • 23
  • 5
0
votes
1 answer

Mod security exceptions not working

I would like to exclude a directory from mod security. I have tried everything under the sun in every config file to no avail. I have put stuff in the vhost file, the crs-setup file, the modsecurity.conf file, the exceptions file in the rules…
user3080539
  • 23
  • 5
0
votes
2 answers

Submit form forbidden when Enabling modsecurity crs sql injection

My site turns on Ubuntu 16, Apache 2.4, php 5.6 and I use the CMS Drupal 8 I installed the module mod_security. I activated it then I enabled the modsecurity_crs_41_sql_injection_attacks.conf. For each form, when I submit, I have an error 403…
Mohamed Ben HEnda
  • 103
  • 5
0
votes
1 answer

Apache LocationMatch not matching

I'm trying to set up request throttling for certain sensitive URIs in an apache (v2.2) virtualhost with mod_security, but finding trouble with the use of LocationMatch. So far the configuration is as follows: ServerName…
André Fernandes
  • 959
  • 7
  • 24
1 2 3
22 23