Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
0 votes, 1 answer

Prevent logging of issues with 127.0.0.1 in mod_security logs

I'm trying to configure modsecurity to not log any issues originating from 127.0.0.1 but I have had no luck with the following rules. SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off" SecRule…
Citricguy
0 votes, 1 answer

ModSecurity IIS Block Out of Country IPs by X-Forwarded-For

Problem We've had someone that has been trying to crawl our site with random, malicious urls (for about 12 hours now). Here is the log file 2016-06-29 08:17:02 10.X.X.X GET /assets/plugins/lightbox/Images/url - 443 - 10.X.X.X…
Jack
0 votes, 1 answer

Remove IP from modsecurity blacklist

I have a CentOS 7.2 server with apache. I installed and configured modsecurity and I did some tests from my home and now my IP is blocked. Where is the blacklist for modsecurity stored? I stopped the iptables and fail2ban but I'm still blocked.…
antiks
0 votes, 1 answer

Modsecurity check REQUEST_URI without query parameters

Currently, I am using Modsecurity XSS prevention, but I'm having a hard time understanding how exactly I can restrict what I'm checking for in the REQUEST_URI variable. My Example: # # -=[ XSS Filters - Category 3 ]=- # XSS vectors making use of…
Derek Pollard
0 votes, 0 answers

convert modsecurity apache specific rules for nginx

Using ModSecurity with Apache and OWASP CRS there are some rules which use apache specific directives like (in modsecurity_crs_55_application_defects.conf file): Header edit Set-Cookie…
Ehsan Mahdavi
0 votes, 1 answer

Chrooting Apache 2.4 on Debian Jessie with mod_security

I have been advised to chroot my apache2 installation to better secure the sensitive content on the rest of the server. I have installed and set up mod_security properly and can see in the logs that it is chrooting apache2 properly, but systemctl is…
Drew
0 votes, 1 answer

mod_security unable to add OWASP CRS - CentOS 7

My website has been under constant attack from hackers since the day I set up the virtual server and installed WordPress. I was able to install mod_security, however, I am unable to add the OWASP CRS. I have been following this tutorial:…
0 votes, 1 answer

modsecurity Does not contain custom REQUEST_HEADER_NAMES

Trying to build a rule that will 403 any incoming traffic that doesn't contain the header X-CFKey and match a specific of X-CFKey. I've got modsecurity testing X-CFKey value successfully but fails when the header is missing altogether. I'm trying…
Alex Turner
0 votes, 1 answer

mod_security: What's the point of action auditlog?

I'm fiddling around with mod_security to log POST request payloads for a specific URI. As stated in this response https://serverfault.com/a/729079/292993 to a similar question mod_security's AuditEngine works like that: It will also log to…
ahaertig
0 votes, 1 answer

Modsecurity Whitelist and keep logging

I am white listing a tag and I am curious if there is a way to white list this and keep the logging to this at the same time. SecRuleUpdateTargetByTag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION" !ARGS:/^fallout/ Would something like this…
LUser
0 votes, 0 answers

Modsecurity: How can I consolidate all SecRules to ignore a parameter

How can I consolidate all or any secrule to ignore a parameter with modsecurity? I have a form that will always flag as XSS, unfortunately, my rule list is getting rather large as the site grows. I now have a list of about 10 or so rules ignoring…
LUser
0 votes, 1 answer

SecChrootDir Jailing apache 2.2.X on Centos 6.7

I was trying to do apache jailing on centos 6.7 with modsec. I already built everything, even the jail directory, and remodeled the config files. httpd(apache) says it started nicely, however it's dead. When I try to see its status it says httpd dead…
0 votes, 1 answer

security2_module for apache with OWASP modsecurity crs base rules is causing the “Forbidden You don't have permission to access / on this server”

I installed the security2 module to my apache server with owasp mod security base rules by adding these following lines to my httpd.conf: Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf Include…
sorin
0 votes, 1 answer

workaround for modsecurity false positive?

I was pasting "drwxr-xr-x. 2 root root 6 Sep 24 04:35 images" into a dokuwiki page. That triggered modsecurity and I got an HTTP error. How can this rule be modified to avoid this kind of false positive? It happened on Dreamhost and support was…
sdaffa23fdsf
0 votes, 1 answer

Already enabled x-forwarded for in haproxy, but mod_remoteip 2.2 backport still doesn't work

I'm using haproxy to forward requests to Apache 2.2 bundled with modsecurity 2.7 and OWASP_CRS. I have enabled insertion of the X-Forwarded-For header in the haproxy config: defaults: option forwardfor except 127.0.0.1 header X-Forwarded-For In…
RedGiant