Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

1

vote

3 answers

Disable server signature on nginx with modsecurity

I have compiled modsecurity and headers_more_module with nginx(1.13.6) on my ubuntu server. When modsecurity is not enabled at the nginx configuration, I am able to hide the origin server's name in the server responses: Server: nginx However, when…

nginx http-headers mod-security

asked May 24 '18 at 07:04

TrickyExplorer

89
1
3
11

1

vote

1 answer

How to deactivate base64 logging in modsecurity

In my modsecurity audit log there are base64-encoded Images which were logged from owncloud uploads. How can I add a custom rule in my virtualhost definition so that uploads are not logged as base64-encoded text? I found something that should work…

mod-security

asked May 11 '18 at 08:16

markgraeflerland

61
4

1

vote

1 answer

Configuring modsecurity for nginx

I have installed nginx using apt-get and now I want to implement modsecurity, a web application firewall on it now. All the solutions and procedures available online show the manual configuration of nginx(using git clone). Can anyone tell me how I…

nginx apt mod-security

asked Feb 07 '18 at 14:06

TrickyExplorer

89
1
3
11

1

vote

1 answer

Can't increase max POST size in Apache2

I'm trying to increase the POST requests size in order to let the users upload "big" files, after lots of "413 Request Entity Too Large" errors with small uploads (around 2 Mb). My Apache2 is running on Ubuntu 16.04 with mod_security2 enabled, so I…

apache-2.2 php mod-security

asked Sep 25 '17 at 20:59

TheUnexpected

131
1
1
6

1

vote

1 answer

Exclude sensitive data from modsecurity log

I'm setting up Modsecurity, and I have noticed that some sensitive data (credit card numbers) ends up in the log. How should I prevent this? Preferably I would want it logged, but with the sensitive data mangled. Example of a sensitive line in…

apache-2.2 mod-security

asked May 31 '17 at 13:06

klutt

157
8

1

vote

1 answer

High no of hits by facebook crawler on server

There are daily about 3000 404 hits or more from facebook crawler. Log is as X.X.X.X Y.Y.Y.Y - - [24/May/2017:03:43:35 +0000] "GET /health-and-medicine/trumps-2018-budget-cuts-funding-for-cancer-mental-health-and-hiv-research/ HTTP/1.1" 404 292…

linux security mod-security robots.txt

asked May 24 '17 at 11:25

YATIN GUPTA

203
1
2
9

1

vote

1 answer

can i disable ModSecurity rule via .htaccess?

On new server for my website, a centOS, when i try to upload an image via PHP and the file name contains a special character, like "my'file.jpg", i get a forbidden page and i can't even try to handle the error via PHP in log files i find…

apache-2.2 centos mod-security plesk

asked Apr 05 '17 at 09:40

al404IT

123
1
6

1

vote

2 answers

Enable modsecurity SecRuleEngine On for only a specific directory

Running Apache 2.2.x, modSecurity 2.8.0 I'm trying to get something like this working: # Default recommended configuration SecRuleEngine DetectionOnly # Settings options: DetectionOnly,On,Off # Only enable full security on candidate facing…

apache-2.2 mod-security

asked Mar 23 '17 at 11:50

Njna Grimsdottir

21
1
1
6

1

vote

2 answers

Apache/ModSecurity custom error page

I am trying to show a custom error page when Apache/ModSecurity rules are triggered. My plan is as follows: Change the status code for all rules to (for example) 501 use ErrorDocument directive to display a custom error page for this code Use php…

apache-2.4 mod-security

asked Feb 02 '17 at 10:35

Karolis

159
2
7

1

vote

2 answers

how to modificate modsecurity rule action for only one parameter?

I have a modsecurity with Core Rule Set. And I have POST-request with 3 parameters: Par1 = "base64-encoded XML "& Par2 = "url" & Par3 = "hash". I want to modificate CRS rules to base64Decode only Par1 and use Par2 & Par3 'as is'. I tried to use…

security mod-security web-application-firewall

asked Oct 21 '16 at 08:39

Vladimir

31
1
6

1

vote

1 answer

mod_security: disable cookie verification causing SQLI false positive

I'm trying to configure mod_security on CentOS 7 for apache2.4 with the OWASP ruleset. The thing is my web app generates a cookie with -- characters and it gets flagged as an SQLI. I read the following article how to whitelist a certain cookie…

centos7 mod-security

asked Aug 19 '16 at 10:16

sebclaut

21
3

1

vote

1 answer

Modsecurity : Creating a new Request Header from SecRule

Consider the following redirect SecRule which is activated from a Lua script SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found',setvar:REQUEST_HEADERS:Blocked" When…

mod-security

asked Aug 10 '16 at 19:22

Futh

17
5

1

vote

0 answers

mod_security forcing to redirect to Apache test page

i have installed drupal and installed couple of modules to provide the admin export to excel feature. when i click on the export button the page is getting redirected to Apache test page. I have done some R&D and commented #Include…

mod-security

asked Apr 28 '16 at 09:21

Suneel Kumar P

31
1

1

vote

1 answer

Disabling ModSecurity's SQL injection Rule

I've been trying to disable mod_security sql injection rule by adding this to the conf file SecRuleRemoveById 981172 SecRuleRemoveById 981243 SecRuleRemoveById 981173 SecRuleRemoveById 981249 SecRuleRemoveById 981318 SecRuleRemoveById…

ubuntu mod-security

asked Apr 21 '16 at 11:56

DavidSmith

13
4

1

vote

2 answers

mod_security too strict rule?

i just installed mod_security on my server but every page gets blocked with a forbidden error. i feel the rules are to strict, no? how can change it? this is the last line on my log Message: Access denied with code 403 (phase 2). Pattern match…

apache-2.2 ubuntu apache-2.4 mod-security

asked Feb 25 '16 at 03:51

Robert Caros

21
2

Questions tagged [mod-security]