ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
334 questions
0
votes
1 answer
How to block/ban clients that try to access some paths / urls?
Some spambots hammer my server with nonexisting paths like /user/pass?=asdfdasfas
How could I block any access to /user/pass?=* ?
Is there a better tool than iptables or csf for catching such crap?
giorgio79
- 1,747
- 9
- 25
- 36
0
votes
1 answer
Find excluded keywords for $_POST/$_GET content with ModSecurity?
Our client has ModSecurity 2.0 with Rule Set 2.0.5 but he told us that minor detail at the end of the development.
I need to audit all the application code and make sure it does not interfere with ModSecurity. (It already does)
I know that you can't…
Tristan
- 488
- 2
- 9
- 26
0
votes
2 answers
How to prevent from uploading shell
What is the best way to prevent from uploading c99shell,r57shell and another php sheller? i want when an attacker upload a shell the sheller don't show for him.
I use mod_security ver 1.x
Thanks in advance
alysa
- 11
- 1
0
votes
1 answer
Apache 2.2.4: problems chroot with modsecurity
I've been installed mod_security. If i simply include in the httpd the configuration files of mod_security, it starts normally. Indeed, if i try to add SecChrootDir /mnt/chr , httpd will start, but at the request of the page it returns either 404…
sl34x
- 23
- 4
0
votes
1 answer
Proxying while preserving URI with mod_security2
I'm using a proxy: action in mod_security2. I'd like to preserve the full URL of the original request, however, and it seems to be rewriting that to the url in my proxy: action.
So a request to http://domain.example.com/foo
hits my the below…
Cian
- 5,777
- 1
- 27
- 40
0
votes
1 answer
Side effects of using owasp mod_sec rules
I was looking at all the owasp rules for mod_security. How badly does it slow your loading time down if you use them all?
What would be the recommended packages to use? I want to mostly block bad UA, SQL and XSS attacks.
Thompson Smith
- 49
- 2
- 6
0
votes
1 answer
Mod_security questions and on User-Agent types
Very new to mod_sec
I want to block a UA string and I noticed there are a few types:
SecRule HTTP_User-Agent
SecRule REQUEST_HEADERS:User-Agent
What is the real difference between them?
My block:
SecRule REQUEST_HEADERS:User-Agent "perl"…
Tiffany Walker
- 6,541
- 13
- 53
- 77
0
votes
1 answer
Installing mod_security
I have apache and suphp running. How hard is it to install modsecurity? Also, where can I find some light weight/generic rule-sets to not bog apache down?
Thompson Smith
- 49
- 2
- 6
0
votes
1 answer
ModSecurity not enabled
I have similar problem like question How do I enable mod_security in Ubuntu 10.04? , but i do not have the "minimal" file with me which i can replace and make it work.
My configuration is also different. here is my /etc/modsecurity/modsecurity.conf
…
Farhan
- 4,210
- 9
- 47
- 76
0
votes
1 answer
Broken URLs after enabling mod_security
For example this pdf stopped working after enabling the mod, it generates 403 error.
[Wed May 30 18:47:19 2012] [error] [client xxxxxxxxxxx] ModSecurity: Warning.
Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL"
required.…
Johan Larsson
- 87
- 2
- 12
0
votes
1 answer
Mod Security log monitoring
Is there a web based log management utility present for Mod Security? As parsing the logs of Mod Security is a big headache. I can only see traditional log monitoring systems but not any, which is intended for mod-security logs analysing.
Farhan
- 4,210
- 9
- 47
- 76
0
votes
2 answers
block php file access (modsecurity)
How can I block all access to a PHP file? File name is similar to sm6######.php where #### can be any random digit.
How can I do it using mod_sec?
Kashif
- 473
- 9
- 20
0
votes
1 answer
installing mod_security causing apache service start to fail
I installed mod security using this tutorial http://www.linuxmaza.... . After installing I got the error described and followed the steps to solve it. The only thing I did differently was updating apache from the repo rather than uninstalling…
Frank Astin
- 169
- 1
- 1
- 10
0
votes
2 answers
How to use RegEx for mod_security
I have a directory/site set-up like this on my Apache/2.2.19 (Win32) Server using mod_security + core ruleset/2.2.1
/website1/login.php
/website2/login.php
/website3/login.php
/websiteN/login.php
In my modsecurity_crs_10_config.conf I…
PadraigD
- 141
- 1
- 8
0
votes
2 answers
Apache2 mod_security simple default deny rules for specific directory
How to configure the simplest useful default-deny rule set for mod_security?
I want to configure mod_security to allow only very specific queries to single directory:
In short: I use Apache as a reverse proxy for directory /web_app/, in this…
Hubert Kario
- 6,351
- 6
- 33
- 65