ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
334 questions
0
votes
1 answer
mod_security behind reverse proxy and clients IP
client -> haproxy -> mod_security boxes -> backends
Problem: mod_security boxes use mod_rpaf with ip of haproxy in 'RPAFproxy_ips'. Apache logging shows clients real ip but mod_security still reports haproxys ip as seen below.
Clients ip found in…
3molo
- 4,340
- 5
- 30
- 46
0
votes
1 answer
Change Mod Security Rule for Deny ( 401 Status Page )
I Used a mod security rule for deny wp login attept.
SecRule REQUEST_METHOD "@streq POST" \
"phase:5,chain,t:none,auditlog,pass,msg:'Login Failure Detection: Wordpress Login Attempt Failure…
Mehrpouyan Co.
- 1
- 2
0
votes
0 answers
After install mod_security and mod_evasive, php not working
I followed this tutorial ( tutorial.centos.com.my/?p=69 ) and got success to install mod_security and mod_evasive. But php does not run, displays the code in the browser. Insert an index.php file in EC2 disk with the php code phpinfo (); but this is…
Tiago Souza
- 41
- 1
- 5
0
votes
1 answer
Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf
I'm try install and configure Mod_Security on Amazon EC2 Linux 64 bits, but one error happens
Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf:
ModSecurity: Found another rule with the same id
Need help to solve this, I tried to find in…
Tiago Souza
- 41
- 1
- 5
0
votes
1 answer
VPS server restarting MOD_SECURITY?
My VPS server has been acting up lately, for example last weekend the PHP module Imagemagick simply stopped working and I had to do a PERC uninstall / reinstall.
Today my server has been totally unresponsive for up to 20 minutes. This is mission…
0
votes
1 answer
Jetmon being blocked by ModSecurity, how to write override rule?
I have a WordPress site on a VPC and I'm trying to tweak ModSecurity to reduce the false positives. I have Jetpack monitoring which is being denied when ModSecurity is active.
Log from Apache error.log
[Sun Jul 26 20:25:31.569393 2015] [:error] [pid…
dangel
- 69
- 11
0
votes
1 answer
security2_module for apache is causing the “Forbidden You don't have permission to access / on this server” message
I installed the security2 module to my apache server by adding these following lines to my httpd.conf:
Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
Include…
VaTo
- 191
- 4
- 20
0
votes
2 answers
Modsecurity rule to not scan URIs
Good Morning,
I am currently on creating a new mod security 2.5 rule.
My deployment:
I have an Apache server in reverse proxy mode. This Apache server does not host the websites. Instead, I proxy the requests to another server that answers the web…
Arlion
- 590
- 1
- 4
- 17
0
votes
2 answers
Modsecurity: no action id present
I have not been doing anything with my site for a while and recently upgraded Ubuntu from 12.04 to 14.04 LTS, but now I am getting errors like:
Modsecurity: no action id present
I looked around online and most answers tell you to add id=1234 or…
Stochastic13
- 121
- 4
0
votes
1 answer
Does a mod_security error block a visitor?
Does a mod_security execution/rule error or errors in general block users from visiting my website? Ive got many rule and execution errors, Ive just whitelisted these rules but maybe I could just ignore them.
The website is in production with…
Krazos
- 1
- 1
0
votes
1 answer
Apache with modsec "collections_remove_stale: Failed to access DBM file"
I seem to getting alot of these lately in my apache error log:
Message: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Resource deadlock avoided
Server Version: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips…
Ivan
- 893
- 2
- 9
- 23
0
votes
2 answers
Modsecurity oddity
my mod security is loading fine but when I set the server token like so
SecServerSignature "Infodous Webserver" it returns
"Infodous Webserver mod_fcgid/2.3.6 PHP/5.4.39-0+deb7u1 proxy_html/3.0.1 Server at REDACTED Port 443"
Is it possible to make…
0
votes
1 answer
WAF at Transparent Mode
I want to use Mod Security as transparent mode. Mod security web application firewall (WAF) should be between server and client and client provided with only server's IP address to access the site. The client should not aware about the presence of…
Praveen
0
votes
0 answers
prevent phpbb bruteforcing with mod_security
Update: I edited this and added a fail2ban tag. Perhaps that might be another way to handle this issue.
I'm running phpbb 3.0.13-PL1 and I would like to protect the login page from bruteforcing. I'm wondering if anyone can tell me what php page to…
michelle
- 101
0
votes
1 answer
whitelist URI on mod_security enabled apache reverse proxy
I have an apache 2.2.29-1.4 with mod_security 2.8.0-5.25 which is a reverse proxy with mod_proxy_http for a local java application.
I have false positive on some urls and would like to whitelist some OWASP rules just on the given URIs.
Currently…
golemwashere
- 724
- 1
- 10
- 21