Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

344 questions
0
votes
1 answer

ModSecurity for Apache 2.4.34 Failing with Invalid command 'SecRuleEngine'

I have A Ubuntu 18.04 server, installed Apache 2.4.34, and have compiled ModSecurity 3 with the apache module. I can successfully load the module, by adding: LoadModule security3_module modules/mod_security3.so to my httpd.conf and testing with…
Kevin
  • 133
  • 1
  • 2
  • 14
0
votes
0 answers

Apache modsecurity and htaccess which comes first?

Are htaccess rules executed before modsecurity rules? Sending illegal requests to couple of domains some of them trigger modsecurity but some of them with same illegal requests are not showing modsecurity forbidden message but 404 instead.
titus
  • 414
  • 1
  • 7
  • 17
0
votes
1 answer

Mod security syntax error

when i ran the command apache2ctl configtest it is showing this error AH00526: Syntax error on line 193 of /etc/modsecurity/modsecurity.conf: ModSecurity: Failed to open the audit log file: /var/log/apache2/modsec_audit.log and on line 193…
Sony
  • 103
  • 1
  • 7
0
votes
0 answers

PHP is not working after installing ModSecurity for NGINX on Ubuntu 16.04

My server is running on Ubuntu 16.04. One of my web app(php app) was running on my nginx server. To install ModSecurity I removed the NGINX completely and then followed the following steps to complie and install ModSecurity for NGINX as a Dynamic…
Mushfiqur Rahman
  • 101
  • 1
0
votes
1 answer

SPOE and modsecurity contrib Failed to decode HELLO frame

I'm compile modsec as described in the instructions contib/modsec/README, but have the next errors: # /usr/local/bin/modsecurity -n 4 -d -f /etc/haproxy/waf/modsecurity.conf 1534409877.286475 [00] ModSecurity for nginx (STABLE)/2.9.2…
Pavel Loginov
  • 1
  • 1
0
votes
1 answer

mod_security and apt-get

hi can anyone help me with mod_security configuration... I have installed mod_security on ubuntu 9.04 lamp server,... but now I want to install anything and type apt-get install program, it keeps saying that they all depend on mod_security... and…
asel
0
votes
3 answers

Docker multi-stage build with nginx and modsecurity - cannot open shared object

I have created a docker multi-stage build to be able to end up with a small, lean container with the most recent nginx version and some modules compiled from source. At the end I copy over the binary and a few other files to the final container -…
binaryanomaly
  • 406
  • 1
  • 4
  • 14
0
votes
1 answer

Mod_security exclusion not fully working, still blocking CSS and images

I have put either of the following in my rules: SecRule REQUEST_URI "@beginsWith /directory" "phase:1,id:12345,allow" SecRule REQUEST_URI "@beginsWith /directory" "phase:1,id:12345,ctl:ruleEngine=off" When I browse…
user3080539
  • 23
  • 5
0
votes
1 answer

Mod security exceptions not working

I would like to exclude a directory from mod security. I have tried everything under the sun in every config file to no avail. I have put stuff in the vhost file, the crs-setup file, the modsecurity.conf file, the exceptions file in the rules…
user3080539
  • 23
  • 5
0
votes
2 answers

Submit form forbidden when Enabling modsecurity crs sql injection

My site turns on Ubuntu 16, Apache 2.4, php 5.6 and I use the CMS Drupal 8 I installed the module mod_security. I activated it then I enabled the modsecurity_crs_41_sql_injection_attacks.conf. For each form, when I submit, I have an error 403…
Mohamed Ben HEnda
  • 103
  • 1
  • 5
0
votes
1 answer

Apache LocationMatch not matching

I'm trying to set up request throttling for certain sensitive URIs in an apache (v2.2) virtualhost with mod_security, but finding trouble with the use of LocationMatch. So far the configuration is as follows: ServerName…
André Fernandes
  • 969
  • 1
  • 10
  • 25
0
votes
1 answer

Can I print apache environment variable in error log?

I want to print mod_security anomaly score to apache error log. I use setenv to set enviroment variable, and %{name}e syntax to print it in log. Modsecurity config: SecAction "id:90100,phase:5,pass, nolog,…
Vladimir
  • 31
  • 1
  • 6
0
votes
1 answer

mod_security on Apache 2.4: Can I disable all rules for a specific request element?

I have an application served by Apache, on which mod_security is enabled, and I have been successfully tuning exceptions to avoid false positives using the likes of: SecRuleUpdateTargetById 981260 !ARGS:'/^PD-.*/' But now I am facing the case where…
NotSoOldNick
  • 103
  • 3
0
votes
0 answers

mod_security blocking SOAP client simulation

I'm writing a PHP SOAP server and I'm using PAW ( mac app ) to simulate SOAP client request on my local server I get a SOAP response on production server a get an 403 Forbidden error, since on this server I did have previous issue with mod security…
al404IT
  • 123
  • 1
  • 7
0
votes
1 answer

How to disable a specific mod_security rule in a specific directory?

I want to disable this rule: [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special…
romanturbo
  • 33
  • 1
  • 6
1 2 3
22 23