ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
334 questions
0
votes
0 answers
Rule 933160 violated even though it's been excluded
I've installed nginx with modsec with the following versions:
Modsec verion: v3.0.3
Nginx version: 1.13.6
and I've excluded rule 933160 as followed:
SecRule REQUEST_URI "@beginsWith /a/b/c/d" \
…
skwokie
- 155
- 8
0
votes
1 answer
Changing time format in Modsecurity log
I wonder if it's possible to change time format which Modsecurity 3 uses in its audit log.
I came across that time format differs depending on SecAuditLogFormat setting.
When it's Native, timezone is present:
---immbqR4e---A--
[16/Jun/2020:11:24:03…
P. D
- 11
- 1
0
votes
1 answer
Apache2 mod_evasive for only one virtual host
I'm testing a scenario where, I'm hosting two-site on same machine with help of apache web server. I'm looking to enable mod_evasive for only one site. I don't see any way to get it working. Following is the scenario and things I have tried.
Ubuntu…
Jerry
- 1
- 1
-1
votes
1 answer
Modsecurity block request
How can I block in modsecurity these requests:
12.54.87.55:443
https://12.54.87.55
tried
SecRule REQUEST_URI "12.54.87.55:443" phase:1,id:1008,log,deny,status:403
but seems like it's not working.
I want to block all the requests where Host header…
Zero Hour
- 1
- 1
-1
votes
1 answer
specify the order of IDS , Firewall , WAF
i have an ubuntu system and i want to implement iptables as firewall, modsecurity as WAF and snort as IDS in this system and i have a server behind this system and i want to protect the server with this system. i want when the packet recieves first…
Trudy
- 1
-1
votes
1 answer
Apache fails to boot after OWASP installation
I was trying to secure my server (apache 2.4.6 on centos 7) with mod_security and OWASP, but after following the instructions and installing OWASP, httpd fails to start with following error message:
Apr 16 02:59:24 systemd[1]: Starting The Apache…
aladar42
- 1
- 2
-1
votes
1 answer
Strange ModSecurity entries in Apache error log
I recently migrated my VPS to Plesk Onyx v17 (running on Ubuntu 14.04) and, when checked the error logs this morning, I noticed multiple records like this one:
[Tue Apr 11 06:26:33.063983 2017] [:error] [pid 3306:tid 140450353870592] [client…
Mike S
- 1
- 1
- 2
-1
votes
1 answer
modsecurity block google bots [ Sitemap 403 error (Forbidden) ]
I am submit sitemap on google webmaster tool google bots can't read my site.
Error
webmaster tool: http://prnt.sc/dh6qje
modsec_audit.log: http://prnt.sc/dghx2n
Please tell me how to fix this problem.
Ayan Chakraborty
- 101
- 1
-1
votes
1 answer
Clone http traffic to another port on same server transparently
I am experimenting with following setup.
Clone/copy (but not redirect) all incoming HTTP requests from port 80 to another port say 8080 on same machine. I have a simple NGINX + Lua based WAF which is listening on 8080. Essentially, I am running two…
Iornman l
- 1
- 2
-1
votes
1 answer
Nginx with mod_security on EC2
I am looking to get some ideas and see what others are doing in terms of managing/keeping updated Nginx + mod_security on EC2 instances. The catch with this is that mod_security needs to be compiled and then Nginx needs to be compiled with…
J Henzel
- 169
- 4
-1
votes
1 answer
Blocking request with query string
I'm an under a DDoS attack though I have cloud flare..
I found out that the attacker is accessing the server using query strings "?a=randomnumber"
I don't use query strings in my website so I need to block any IP that tries to add query string in…
Seif Hatem
- 109
-1
votes
1 answer
You don't have permission to access /on this server
I created a form in joomla with 2000 fields but when I submit the form it gives me:
error-- You don't have permission to access /en/soccer-player-update on this server. Additionally, a 404 Not Found error was encountered while trying to use an…
falsecoin
- 1
- 1
-1
votes
1 answer
hosting provider web server blocks certain url string by using mod security
I have a blog which has a post with the following as url
/blog/insert-into-tablea-select-fields-from-tableb-for-specific-values-only/
This was working well until recently.
I got a different HTTP Status like 412 Precondition Failed which is not…
Jayapal Chandran
- 141
- 1
- 7
-1
votes
1 answer
gotroot mod_security rules
Are the gotroot mod_security rules any good?
I've heard that you will get a lot of false positives and before I try and use them on a live box just wanted to know if anyone else has experience with them.
Mike Williams
- 23
- 3
-1
votes
1 answer
Is ModSecurity intended for authentication or WAF?
What's the designed purpose of modsecurity for Apache/Nginx?
Does it play the role of authentication (Basic/Forms/Cookie)?
From my research, it appears to be a Web Application Firewall feature. The features like Authentication are best left to the…
JJS
- 143
- 6