Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

344 questions
1
vote
1 answer

mod_security2.so: undefined symbol: ap_unixd_set_gl

service httpd restart Stopping httpd: [ OK ] Starting httpd: httpd: Syntax error on line 205 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_security2.so into server:…
Thompson Smith
  • 49
  • 2
  • 6
1
vote
1 answer

Nginx with mod_security support

I have compiled nginx with mod_security support. In error log I can see the support for mod_security 2012/08/27 11:13:11 [info] 602096#0: ModSecurity for nginx/2.7.0-rc2 (http://www.modsecurity.org/) configured. 2012/08/27 11:13:11 [info]…
Hex
  • 1,949
  • 11
  • 17
1
vote
1 answer

mod_security: track user to check if redirected to login failed page

I have to log when a user fails to log in to a web application. Unfortunately, this web application is not able to do this out of the box and I can not change it. Now I'm experimenting with mod_security. My idea is to track the POST request, extract…
mr51m0n
  • 11
  • 1
1
vote
1 answer

Broken URLs after enabling mod_security

For example this pdf stopped working after enabling the mod, it generates 403 error. [Wed May 30 18:47:19 2012] [error] [client xxxxxxxxxxx] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required.…
Johan Larsson
  • 117
  • 3
  • 13
1
vote
1 answer

apt-get update Error

I get the following error when typing: # apt-get update W: Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/etch/Packages 404 Not Found [IP: 80.28.139.208 80] E: Some index files failed to download. They have been…
h00j
  • 388
  • 7
  • 21
1
vote
2 answers

error: libxml2 is required (modsecurity)

I am trying to install mod_security from source. when i run ./configure I get this error: configure: error: libxml2 is required After that error, I executed this command: yum install libxml2 It installed libxml2 properly. However, I'm still…
Kashif
  • 493
  • 9
  • 20
1
vote
1 answer

How to debug modsecurity_audit_log

I was accessing www.example.com/RestAPI/index.php/tweets.json in my server. The modsec_audit.log showed the following error, but there is no related errors/warnings in modsec_debug.log. I could see the Internal Server error is logged in…
max87
  • 13
  • 3
1
vote
1 answer

Configuring mod_security on Ubuntu 10.04

After spending ~24 hours trying and failing to setup mod_security in Ubuntu 10.04 LTS, I've finally decided that I'm going to need some help. I've tried pretty much every tutorial I can find with a variety of rule sets - and I never seem to get the…
anon
1
vote
2 answers

How do I enable mod_security in Ubuntu 10.04?

A quick run through of what I've done: apt-get install libapache-mod-security a2enmod mod-security create /etc/apache2/mod_security_rules/ with base_rules and optional_rules from the latest core rules set create /etc/apache2/conf.d/mod_security as…
Andrew
  • 8,002
  • 3
  • 36
  • 44
1
vote
2 answers

mod_security never tells what the problem is

Normally I would just pester my provider to disable the rule. And while he certainly deserves pestering, I've done that way too often already for the low service price. (Like always this is about a mod_security rule that's just a blacklisting entry…
mario
  • 125
  • 12
1
vote
3 answers

Where does Ubuntu 10.04 store the configuration file of mod-security?

I've installed libapache-mod-security on Ubuntu 10.04. The only configuration file I've been able to find is this one: # cat /var/lib/dpkg/info/libapache-mod-security.conffiles /etc/apache2/mods-available/mod-security.load However, this does not…
ReinoutS
  • 291
  • 3
  • 3
1
vote
2 answers

Why doesn't my mod_security catch / log anything?

I installed mod_security on my Ubuntu GNU/Linux server but when I send some simple requests to the web server that should match even the simplest rules, I fail to see any alerts or any log files that were supposed to exist in /var/log/apache2. What…
Emre Sevinç
  • 239
  • 3
  • 7
  • 15
1
vote
2 answers

What web application firewall do you use? What should I use?

What web application firewall do you use? I'm primarily interested in something I can deploy on the perimeter that can protect multiple Apache and IIS servers, but I'd like to hear all answers. Tell me a little bit about how many servers it…
Antonius Bloch
  • 4,680
  • 6
  • 29
  • 41
1
vote
1 answer

how to control apache mod-security for IP-address

I have mod security installed on my server. It is working for all IP addresses. Now I need to EXCLUDE specific IP addresses from applying this mod-security. How can I do so? Is there a way to control it using apache?
Alaa Alomari
  • 638
  • 6
  • 19
  • 37
1
vote
1 answer

Simple, current how-to install mod-security on cPanel server?

Does anyone have or know of a simple, up to date how to for installing mod-security on cPanel and configuring it after install? Every how to on the web I've found is at least two years old and is based on a mod-security addon function in cPanel…
linux911
  • 99
  • 1
  • 8
1 2 3
22 23