Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

0

votes

0 answers

Nginx and Modsec version mismatch

I have installed nginx and modsec roughly following this tutorial https://www.linuxcapable.com/how-to-install-modsecurity-with-nginx-on-ubuntu-20-04/. After a couple of months working perfectly I am now getting this error: nginx: [emerg] module…

nginx mod-security ubuntu-20.04

asked Apr 01 '22 at 14:10

andygozindy

11
3

0

votes

0 answers

Mod_Security prevent brute force for Joomla

I am trying to find/create a Mod_Security rule to detect & block multiple login failures on the latest version of Joomla. I found an answer from March 2015 here: https://serverfault.com/a/646608/960638 but in my own tests it does not detect login…

mod-security joomla

asked Mar 31 '22 at 09:53

Peter

1

0

votes

0 answers

Modsecurity & LEMP Server Running Wordpress - Rule Exclusions for iOS Wordpress app

I am very new to mod-security, and have been struggling quite a bit with rule exclusions that are beyond the scope of examples shown in this tutorial from Linuxbabe.com. I am running a Wordpress LEMP Server, and my issue is specific to getting the…

nginx wordpress mod-security ios apple-ios

asked Feb 06 '22 at 00:17

DanRan

73
1
1
12

0

votes

1 answer

ModSecurity 403, COMODO WAF detects XSS while trying to access phpMyAdmin

I have a copy of phpMyAdmin in one of my server in a subdomain 'pma' and inside a directory in it named 'app' (manual installed from zip archive, not via yum), which I use for DB related management and it was working ok for couple of months. A…

firewall mod-security phpmyadmin

asked Jan 12 '22 at 04:49

Nishu Ali

1
2

0

votes

0 answers

mod_security blocks redirects (to non-www and https)

httpd-vhosts.conf ServerName example.com ServerAlias www.example.com DocumentRoot "c:/web/www/mysite" Alias /.well-known c:/web/www/mysite/.well-known Redirect permanent / https://example.com…

apache-2.4 301-redirect mod-security

asked Jan 04 '22 at 21:33

impimp

1

0

votes

0 answers

Modsecurity Not working with beautified URLs

I have modsecurity on nginx and everything works except for URL like below: https://example.com/input_1.3=6111163&id=1' and 1=1 -- But it works for this one: https://example.com?input_1.3=6111163&id=1' and 1=1 -- Where is the problem?

nginx security mod-security

asked Dec 19 '21 at 16:35

Abadis

156
3

0

votes

0 answers

Modsecurity failed to load configuration

Evening, i got some problem here. I compiled modsecurity into standalone mode and using haproxy too. I ran in -p 81 -f crs-setup.conf -d then it works. But, when i adding "Include /etc/..../rules/*.conf" it becomes 1639122879.787949 [00] ModSecurity…

haproxy mod-security

asked Dec 10 '21 at 08:05

kolo

1
2

0

votes

0 answers

How to use modsecurity on AWS EC2 with ELB

Query attacks from outside are too frequent since AWS EC2 was used. AWS WAF is too expensive and burdensome. I'm trying to install modsecurity inside the server, but it's not working properly because of ELB. Is there any other alternative or way?

amazon-ec2 mod-security

asked Dec 06 '21 at 00:37

LivePark

1
1

0

votes

0 answers

Installing ModSecurity on NGINX

I'm trying to set up a reverse proxy using NGINX on CentOS7 and ModSecurity for use in between an Exchange server and the internet. I'll be honest and say I'm not all that great with Linux, but I've learned how to do some things fairly well, and…

nginx mod-security

asked Dec 03 '21 at 02:31

SubnetMask

11
2

0

votes

1 answer

Which protections can I use on the server

I have read about server protection and I know how to work with fewalld protection because it is not demanding. My question is: Which of the following protections is best for the server and which of the offered ones can be used together on the…

linux selinux fail2ban firewalld mod-security

asked Nov 30 '21 at 12:32

Edgar

17
4

0

votes

0 answers

Rewrite POST variable using modsecurity

Exists some way to rewrite POST form variables using modsecurity? This must be done before proxypass to backend. I was trying some rules unsuccessful. The test request is curl -i -X POST -d "name=Pepe" http://localhost:8080/pepe The idea is to be…

apache-2.4 http mod-security

asked Nov 04 '21 at 15:42

Alex Trivel

11
1

0

votes

0 answers

Prevent SlowLoris attack with ModSecurity (Apache)

I'm unable to stop a SlowLoris attack using ModSecurity in my apache (2.4) server from a computer that is in the same network. I'm on Debian 11. I add this to the /etc/modsecurity/modsecurity.conf : SecConnReadStateLimit 5 And set this to…

debian apache-2.4 ddos mod-security denial-of-service

asked Oct 31 '21 at 22:13

Rodrigo Diaz

1
1

0

votes

1 answer

How to reduce Modsecurity disk IO

Modsecurity generates a lot of disk io operations, and the file www-data-ip.pag is read and written continuously. Is there any solution that can effectively reduce this? Could it be moved to RAM in some way?

apache-2.4 mod-security

asked Aug 16 '21 at 19:41

AndreaF

205
1
8

0

votes

1 answer

How do I set the anomaly score in crs-setup.conf?

I am using v3.0.0 of CRS with ModSecurity set to DetectionOnly mode and the nginx connector. I want to set the anomaly score to 100 or so to fine-tune the settings, but I can't see where or how to do that. Looking in crs-setup.conf nginx 1.18.0 if…

linux nginx mod-security

asked Aug 04 '21 at 18:24

richardwhitney

113
4

0

votes

0 answers

Can't get docker image owasp/modsecurity-crs:apache reverse proxy to work

I have an endpoint https://my-portal.nl and I wan't to place a WAF with the OWASP Core rule set before it. So I found a Docker image(owasp/modsecurity-crs:apache) that can proxy all the requests to my endpoint (https://my-portal.nl). For some reason…

docker mod-security

asked Jul 27 '21 at 13:48

RAGI

1
1

Questions tagged [mod-security]