Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
3 votes, 0 answers

How to filter POST data with mod_security when type is text/xml?

I'm trying to craft a rule which would match certain regex in POST requests. Rule I have so far looks like; SecRule REQUEST_FILENAME "form.php" \ "id:'12345',chain,deny,status:406,log,msg:'foobar detected'" SecRule REQUEST_METHOD "POST"…
Hrvoje Špoljar
3 votes, 2 answers

mod_security 960015 blocks Google and other good bots

mod_security rule 960015 keeps catching Google and other good bots. I have the following in the vhost to prevent good bots from being caught: SecRule REQUEST_HEADERS:User-Agent "Mail.ru" log,allow SecRule HTTP_USER_AGENT "Mail.RU_Bot"…
Vlad
3 votes, 1 answer

ModSecurity: What do MULTIPART_DATA_BEFORE and MULTIPART_DATA_AFTER mean?

I'm getting the following ModSecurity error when posting form data to a LiquidWeb server: Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 1, DA 1, HF 0, LF 0, SM 0, IQ 0, IP 0, IH 0, FL 0 As you can see DB and DA have been set…
bradt
3 votes, 2 answers

Blocking repeated http requests in Apache behind a load balancer

I have a number of EC2 servers on AWS running apache behind a load balancer (ELB). Every now and then some IP address abuses the API hosted on the EC2 servers and causes a denial of service. I have no access to the load balancer so I need to block…
3 votes, 2 answers

Mod_security Logging

I'm trying to run mod_security as a standalone service with nginx as a reverse proxy. Everything works fine except logging. Mod_security logs the reverse proxy's IP address instead of the client's IP address. I would appreciate it if someone can help. The following is…
Hex
3 votes, 3 answers

ModSecurity block specific string in request

I want a ModSecurity rule which blocks access to any URL or any body request POST/GET if it contains a specific string. For example, I want to block this string: "km0ae9gr6m". I have this rule in place but it doesn't seem to be…
Farhan
3 votes, 1 answer

Modifying Apache configuration via a Web Interface

I would like to create a website on my server, which runs Apache2, to allow a user to fill in a form containing a desired subdomain name to be created on the server. For example, a user could go to the site on the server at example.com, fill out the…
dgh
3 votes, 1 answer

What do the audit log records for ModSecurity actually mean?

We have ModSecurity set up to log to modsec_audit.log for Apache2. Today we have had 2259 entries created in this log with a referrer of: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Do these entries mean that bingbot has…
Linnay
3 votes, 1 answer

Where I can find ModSecurity Rules for Specific Applications

Where can I find ModSecurity rules for specific applications, especially Joomla, WordPress, Mambo?
Libyano
3 votes, 2 answers

mod_unique_id: unable to find IPv4 address of FQDN despite setting etc/hosts and Apache ServerName

I'm trying to get mod_security and hit the very common hostname error of [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "computername.domain.com" This normally means an entry is required in the hosts file.…
KCD
3 votes, 1 answer

Looking for a good web penetration testing client

I'm implementing mod_security on an apache server. In order to test the effectiveness of the protection, I am looking for a client that can generate a set of predefined malicious HTTP requests. I will test the requests with and without mod_security…
Max
3 votes, 1 answer

what is the impact of increasing the SecResponseBodyLimit from default value (512k) to (5M)?

I installed mod_security version 2.5.13 with apache2 and I'm facing a problem with SecResponseBodyLimit: ( ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)) and my question is: what is the impact of…
user79483
3 votes, 2 answers

mod_security IP collection key not being set correctly

I'm using an IP collection in a load-balanced setup; I therefore want mod_security to act on the X-Forwarded-For header instead of the REMOTE_ADDR. Here is my rule: SecAction…
Caseus
3 votes, 3 answers

modsecurity inbound_anomaly_score

I get this error from the web server. Is this a known issue? There are plenty of questions on Google, but no clear solution. [error] [client ] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file…
webminal.org
3 votes, 1 answer

Do I really need mod_security?

I'm doing a clean install of my server and I'm looking for some advice on whether or not I actually need the Apache mod_security module. I consider myself to be a bit security paranoid when it comes to my servers, but is it worth going through all…
Rob