ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
1
vote
2 answers
What is the difference between an Audit Log and a regular Log (In the context of mod_security)?
I am using mod_security
What is the difference between an audit log (audit trail) and a normal log?
I read on Wikipedia that an audit log is a log of user activity. If this is the case, what would you need another log for - is it for system based…

Joshua Enfield
1
vote
0 answers
modsecurity regex not always matching simple rule
I'm trying to create a simple modsecurity regex rule that stops processing the rules when a match is found and just returns status 200 on a POST request so that it doesn't continue and get blocked by another CRS rule later in the chain.
Here's my…

Tim
1
vote
1 answer
ModSecurity breaking the Wordpress Theme Editor - cannot write proper exclusion rules
This is a duplicate of a question I've just asked on StackOverflow, before realizing this was maybe a better place where to ask it.
I have ModSecurity 2.9.3 and the OWASP CRS 3.3.2 security rules running on my new VPS (Virtualmin).
I enabled the…

nonhocapito
1
vote
0 answers
How to disable mod_security for a subdomain?
I'm trying to disable mod_security for a custom subdomain.
I tried to include the following in modsec/modsec2.user.conf.
SecRule SERVER_NAME "desktop.xyz.com" phase:1,nolog,allow,ctl:ruleEngine=off
But I'm getting "Syntax error on line 15 of…

Brian Millot
1
vote
0 answers
ModSecurity: Block all IPs except for a list of defined IPs
I have an apache server with ModSecurity. I need to block all IPs except for a few ones.
The list of IPs is like…

Jacobo
1
vote
1 answer
Nginx and Modsec version mismatch
I have installed nginx and modsec roughly following this tutorial https://www.linuxcapable.com/how-to-install-modsecurity-with-nginx-on-ubuntu-20-04/.
After a couple of months working perfectly I am now getting this error:
nginx: [emerg] module…

andygozindy
1
vote
1 answer
How to get the remote hostname resolved through DNS when using Nginx and ModSecurity?
The question mod_security with OWASP CRS: Custom rule for whitelisting googlebot provides the following rule as the answer to verify the client's hostname:
SecRule REMOTE_HOST "@rx google(bot|)\.com$" "id:50000,nolog,allow"
This rule was meant to…

Ronaldo
1
vote
2 answers
Apache modsec + ssl proxy loop
I have a server where we have the following setup:
http://example.com -(REDIRECT)-> https://example.com
Now we would like to add a simple SSL proxy (on the same machine where the A record is also pointing to) that will do the…

Appelpitje
1
vote
1 answer
REQUEST_URI exact match modsecurity
I need to deny a portion of a URL with modsecurity, example:
index.php?page_num=users
I have implemented this rule:
SecRule REQUEST_URI "/index\.php\?page_num=users" "id:10000100,phase:1,t:lowercase,deny,msg:'UsersDeny'"
It works for the URI…

Vic
1
vote
1 answer
modsecurity3: replace rule with a custom one for a specific URI
In CRS 3.2 there is a rule with ID=941320 which prevents CKEditor from working within Drupal.
CKEditor is a WYSIWYG that produces HTML and attempts to upload it to the server. ModSecurity 3 with CRS then blocks such a request.
To mitigate false positives I…

mprzyc
1
vote
1 answer
mod_security: How to log POST requests for specific URI ONLY?
I am currently running Apache 2.4.25 on Debian 9.8. I'm trying to set up mod_security to log POST request payloads for a specific URI. I have several APIs on a Debian server and I have to log all of them except 2.
I tried to log only one URI for…

Sylvain Lefevre
1
vote
2 answers
ModSecurity blocks legitimate client requests
Randomly, modsecurity blocks legitimate client requests, giving the error 403. Here is part of the modsec_audit.log:
---d6e99f36-A--
[21/Jun/2020:07:14:45 +0100] Xu761X8AAAEAADI1YrAAAABQ xxx.xxx.xxx.xxx 60036 xxx.xxx.xxx.xxx…

Kaspacainoombro
1
vote
0 answers
mod_evasive triggering client denied by server configuration: from SquirrelMail download.php
mod_evasive is triggering the below errors from SquirrelMail on Apache 2.4.43-1 on Fedora 31. And since this causes a 403 Forbidden error, Fail2ban is also triggered and blocks the IP, as it appears that the IP tries to access the 403 page 14 times…

RobbieTheK
1
vote
0 answers
ModSecurity, Create an IP Blacklist file
We have a list of IPs that we want blocked.
I currently have them blocked at the firewall, I would like to create a file that ModSecurity will read, and block those IPs.
This is a pretty big list, as it has been created over a couple years.
Is there…

Seth
1
vote
0 answers
Modsecurity...Host header is a numeric IP address Cannot serve directory no matching directoryindex
My system is
Debian 9
Apache2
php-fpm
I am experiencing an error with one of the websites on my webserver.
I have tried adding an index.html file into the public_html directory (and disabling htaccess and WordPress index.php), however it appears to…

adam