Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

4

votes

3 answers

Block traffic behind AWS ELB

My web servers are behind ELB, I want to block traffic from some specific user agent which is a DDOS attack. Apache always see ip address of ELB as an end user so I tried below attempts: Blocking IP address at ELB level is not possible because it…

asked Dec 12 '14 at 01:46

Deepak Deore

691
9
15

4

votes

2 answers

mod_security ruleset for Joomla! admin

I run several hosting servers and recently I have experienced a lot of bruteforce attacks against joomla-based websites. Attackers seem to try a bruteforce against administrator/index.php page. I usually lock away IPs when they try to bruteforce…

mod-security joomla brute-force-attacks

asked Nov 24 '14 at 09:44

godzillante

240
1
3
12

4

votes

2 answers

modsecurity apache mod-security.conf missing

Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and…

ubuntu apache-2.4 mod-security apache-2.2

asked Jun 10 '14 at 21:05

James

185
1
7

4

votes

2 answers

Why bother reverse proxying applications if you aren't using mod_security or TMG/UAG?

Common wisdom is that internal applications that live inside of the trusted network, such as Exchange, should be reverse proxies whenever they are exposed to the Internet. Microsoft recommends using UAG/TMG for this as it has some built in security…

web-server reverse-proxy mod-security microsoft-ftmg-2010

asked Nov 19 '13 at 19:20

MDMarra

100,183
32
195
326

4

votes

2 answers

mod_security not actually blocking requests despite rule trigger & returning 403

I've pulled my finger out and installed mod_security to protect our WHMCS installation (a PHP based billing system) from some of the more obvious SQL injection attacks to try and minimise our susceptibility to being hit in the window of opportunity…

apache-2.2 mod-security suphp

asked Oct 30 '13 at 13:04

Phil

1,222
1
7
15

4

votes

4 answers

How to drop all requests using mod_security

I have an apache2 server with several sites enabled on it, including the default one (000default). The default server is catching lots of spammy requests that are doing nothing but consume bandwidth and fill up the log file. What would be a minimal…

apache-2.2 security web-server mod-security

asked Jun 22 '12 at 22:43

izb

191
1
10

4

votes

2 answers

modsecurity: block IP address that visited 404 pages more than 10 times in a minute

We're using mod_security and we have currently issues with some bots. I would like to block IP Address that visited 404 pages more than 10 times in a minute. How can this be done? How can I poll the 404 return codes? How can I count the error 404…

apache-2.2 mod-security

asked Mar 29 '12 at 15:09

JMW

1,451
4
19
27

4

votes

2 answers

How to exclude ModSecurity rules by hostname?

I'm using OWASP core rule set 3.2.0 set up with ModSecurity 3.0.4 and ModSecurity-nginx. If I have a rule exclusion like this, in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf: SecRule REQUEST_URI "@beginsWith /api.php" \ "id:1015,\ …

firewall mod-security web-application-firewall

asked May 26 '20 at 18:49

nnyby

298
3
5
16

3

votes

2 answers

ModSecurity not working on IIS

I've installed the ModSecurity IIS module on a Windows Server 2012 VM. I have a simple test application running on its own app pool. default.aspx -- Just a simple page that spits out the date/time. web.config

windows iis windows-server-2012-r2 mod-security

asked Mar 19 '18 at 17:51

Josh M.

667
8
21

3

votes

1 answer

Apache 2.2 / CentOS: Denying Bad Bots

I'm having all kinds of problems trying to restrict bad bots on my Apache 2.2 server, and am hoping somebody can assist. I have banged my head on the wall for days trying to get this working, and used several different methods, but none seem to…

apache-2.2 httpd.conf mod-security

asked Nov 24 '17 at 23:53

Cheddar

131
2

3

votes

1 answer

Apache cannot access mod_security log

I have an Apache2 server that cannot access the mod-security log: prim@x.x.x.x:~$ apachectl -V AH00526: Syntax error on line 196 of /etc/modsecurity/modsecurity.conf: ModSecurity: Failed to open the audit log file:…

ubuntu-14.04 apache2 mod-security

asked Oct 22 '17 at 17:31

caliph

193
1
3
8

3

votes

1 answer

Linux, apache2, modsecurity blocks Google reCAPTCHA variables

I have a Debian Jessie box, Apache 2.4 and default mod_security enabled with base rules activated. When I try to implement a Google reCAPTCHA solution in a PHP code, modsecurity blocks page with returning reCAPTCHA variables. As I see, a modsecurity…

apache-2.4 google mod-security debian-jessie

asked May 05 '16 at 18:38

JackD

33
3

3

votes

1 answer

Can mod_security only log triggered rules if the request was blocked?

I've installed mod_security and I'm currently running in DetectionOnly mode as I monitor logs and configure to suit my servers needs. I've set it up for anomaly scoring and tweaked my scores accordingly to reduce false positives. In the Apache2…

apache-2.2 mod-security

asked May 01 '15 at 14:01

AJReading

153
5

3

votes

1 answer

Mod Security ctl:ruleEngine=Off Whitelist Fails in Phase 1

mod_security with custom rules and whitelists in separate .conf files - Apache 2.2, modsec 2.8 Whitelist rule: SecRule REMOTE_ADDR "^10\.10\.10\.10" phase:1,nolog,allow,ctl:ruleEngine=Off,id:104008 If a request is sent to the server that includes…

apache-2.2 security mod-security whitelist

asked Nov 21 '14 at 09:27

Santrix

253
3
10

3

votes

1 answer

ModSecurity on IIS: Single threaded?

I installed ModSecurity on a web server running IIS 8.5, and noticed the response time has increased 15 times (0.15 ms/request vs. 2.2 ms/request), even with SecEngine set to off. It seems that IIS is running on single-threaded mode when ModSecurity…

iis mod-security

asked Oct 24 '14 at 10:54

Jim

629
2
7
20

Prev 1

2

3

…

22 23 Next

Questions tagged [mod-security]