Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
0 votes, 1 answer

Can I print apache environment variable in error log?

I want to print the mod_security anomaly score to the Apache error log. I use setenv to set an environment variable, and the %{name}e syntax to print it in the log. Modsecurity config: SecAction "id:90100,phase:5,pass, nolog,…
Vladimir
0 votes, 1 answer

mod_security on Apache 2.4: Can I disable all rules for a specific request element?

I have an application served by Apache, on which mod_security is enabled, and I have been successfully tuning exceptions to avoid false positives using the likes of: SecRuleUpdateTargetById 981260 !ARGS:'/^PD-.*/' But now I am facing the case where…
NotSoOldNick
0 votes, 0 answers

mod_security blocking SOAP client simulation

I'm writing a PHP SOAP server and I'm using PAW (a Mac app) to simulate SOAP client requests. On my local server I get a SOAP response; on the production server I get a 403 Forbidden error. Since on this server I did have a previous issue with mod security…
al404IT
0 votes, 1 answer

How to disable a specific mod_security rule in a specific directory?

I want to disable this rule: [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special…
romanturbo
0 votes, 1 answer

Apache upload scanner not working as intended

I am trying to install an upload scanner for any uploads via the Apache web server using the inspectFile method in ModSecurity. The scanner script I use here is provided by Maldet itself, which in turn uses the clamd engine. The files I am trying to…
vjwilson
0 votes, 1 answer

Modsecurity SecRuleUpdateTargetById not working

I'm trying to modify OWASP CRS 3.0 rule number 920440: [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"]…
0 votes, 1 answer

Modsecurity cookie match

I run a small web hosting service (cPanel + ModSecurity) and I personally host a few Laravel projects on it. I noticed that when I (or anyone) visit multiple pages quickly (one after the other), at some point I get a Too Many Redirects error after the…
Max13
0 votes, 1 answer

ModSecurity SecRule REMOTE_ADDR NOT WORKING?

I'm trying to nolog for a particular IP 10.68.***.96 and the 127.0.0.1 address, but it seems not to be working... I already tried the following configurations (I know that some of them are deprecated but it's for the test): SecRule REMOTE_ADDR "@ipMatch…
0 votes, 0 answers

modsecurity add custom rules

I recently installed mod_security on Apache 2.4.6 using the OWASP rule set, but there are some problems with Google reCAPTCHA and non-English UTF-8 characters. I googled, and for reCAPTCHA I should add the following custom rule to…
Ehphan
0 votes, 1 answer

Testing new ModSecurity rules in production - only some rules to DetectionOnly

I'm in the process of modifying an existing ModSecurity ruleset and I'm wondering how I should handle the process of adding new, (mainly) untested rules to production systems. At the moment, we do have a small set of active rules which is clearly…
0 votes, 1 answer

modsecurity doesn't log all response bodies

I'm trying to get response body of every request. (200 or 500, etc.) But mod_security doesn't put -E-- part (response body) in every request. For example, for this request: Request Body: POST /accounts/login/ HTTP/1.1 Host:…
kikio
0 votes, 1 answer

Whitelist for IP range on ModSecurity 2.9 & Apache 2.4.3

I'm trying to add the Google IP range to the whitelist for ModSecurity. I use cPanel + Apache 2.4 + ModSecurity 2.9.0 + OWASP rules. In several posts I see this conf: SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19"…
abkrim
0 votes, 1 answer

Mod_Security on 2 CentOS 7-servers. Different log-format

I installed mod_security on 2 CentOS 7 servers. Both got this config: SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIFHZ SecAuditLogType Concurrent SecAuditLog…
MyFault
0 votes, 1 answer

Modsecurity redirect rule : Send threatening user back to referrer

Consider the following SecRule, which takes a feed from a lua script that is executed: SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'" If SQLi is found in a…
Futh
0 votes, 1 answer

Blocking a request with ModSecurity and lua script

I have web traffic flowing through ModSecurity. Within the ModSecurity configuration I am calling a Lua script that is running some simple analysis on the arguments of request string. Specifically, it is checking for evidence of Cross-Site…
Futh