Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

334 questions
1 vote, 1 answer

Apache server fault after configure mod-security2

I configured mod-security, from https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu . After that I restarted the apache service but I caught an error: The apache2 configtest failed. Output of config test…
Jan Richter
1 vote, 0 answers

ModSecurity on Apache 2.2 in EC2 - HTTP Status 413 messages dropped

Hi I am running Mod_Security on Ubuntu instances in EC2 behind an Elastic Loadbalancer. The app is a Ruby App. I have set SecRequestBodyLimit 293601280 When I upload files below that size, they are processed as expected. When I exceed the size…
1 vote, 1 answer

mod_security RBL - apparent false positive

I'm struggling with an RBL rule in mod_security under apache 2.2 that seems to be giving me a false positive. I see the following in the audit log (IP address redacted): Message: RBL lookup of 4.3.2.1.sbl-xbl.spamhaus.org succeeded at REMOTE_ADDR.…
KenB
1 vote, 1 answer

Proper SSL config for SSL - Apache2 ignores DocumentRoot

So here's my current config: DocumentRoot "/var/www/keypad" ServerName keypad.io SSLOptions +StrictRequire SSLRequireSSL SSLProtocol -all +TLSv1 SSLEngine on …
subdavis
1 vote, 1 answer

Changing ModSecurity Logging on a Per Transaction Basis

I am trying to trace all requests being made to a website on a shared hosting server. Packet capture is just going to be too cumbersome. We use Mod Security (2.8) with good effect, although due to the load we only have limited logging…
Santrix
1 vote, 1 answer

Simple DoS protection with mod_security?

I have mod security2 on an Ubuntu 14.04 LTS server. I saw the below tutorial: http://blog.cherouvim.com/simple-dos-protection-with-mod_security/ The above sadly does not work for me. Apache error: * Restarting web server apache2 …
1 vote, 2 answers

PHP and Text Area Triggering Mod_Security

I have some text areas in a form that are posted back and stored using PHP / MySQL. However, if a user presses return for a new line in the text area, mod_security is blocking it with the below log entry: Pattern match "\\W{4,}" at ARGS:notes.…
Jason
1 vote, 1 answer

Apache mod_security crs blocking PDF files

I've just installed CRS for Apache mod_security and it's reporting all PDF files as possible attacks. Specifically, it's the modsecurity_crs_20_protocol_violations.conf that's causing the trouble saying those files begin with 0. When a user tries to…
Petr
1 vote, 1 answer

Apache error_log filled with modsec blocks

Ever since I enabled Apache modsecurity I've been checking the logs and been seeing the following constantly like 24/7: [Wed Jun 25 12:40:07 2014] [error] [client 112.215.65.61] ModSecurity: Access denied with code 501 (phase 2). Pattern match…
Ivan
1 vote, 2 answers

ModSecurity Error Entries

Recently, I was passed some error logs to take a look into, since we'd had some network spikes recently. However, I've never worked with modsecurity (I'm a programmer just doing this since we don't have a real sysadmin), and something alarming came…
waiwai933
1 vote, 0 answers

Curl Sourced DDoS: How to detect it & how to stop?

Okay, an Ubuntu server I manage fell victim to a DDoS attack today. Usually this is unpleasant but not that big a deal. A few high server load moments & then it passes. Today was clearly different. For the record, I have years of server attack…
Giacomo1968
1 vote, 2 answers

mod_security configuration issue: Error parsing actions: Unknown action: ver

I am trying to install / configure mod-sec using this tutorial, which uses the OWASP ModSecurity Core Rule Set. However when I go to restart apache, I get the following error: Syntax error on line 53 of…
Bob Flemming
1 vote, 0 answers

nginx with fail2ban and mod_security

I forgot to update my fail2ban config for nginx. I just moved to nginx from apache. Today, I got a lot of calls from a single IP. IP tried to access login pages with post and get methods IP tried to use nginx as a proxy (GET http:/...) IP searched…
Mahesh
1 vote, 1 answer

How do I handle apache2 modsecurity2 warnings like Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required?

After upgrade from squeeze to wheezy I get loads of these messages in my apache errorlog when I open a webpage on myserver, (changed to myserver.de here): [Sat Oct 19 01:06:21 2013] [error] [client 213.239.220.106] ModSecurity: Warning. Match of "rx…
rubo77
1 vote, 0 answers

apache DirectoryMatch matching filenames

I have the following code in my security.conf file of apache Options -ExecCGI php_flag engine off This is to prevent php execution…
Virendra