ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
0 votes, 1 answer
Apache upload scanner not working as intended
I am trying to install an upload scanner for any uploads via the Apache web server using the inspectFile method in ModSecurity. The scanner script I use here is provided by Maldet itself, which in turn uses the clamd engine.
The files I am trying to…

vjwilson
0 votes, 1 answer
Modsecurity SecRuleUpdateTargetById not working
I'm trying to modify OWASP CRS 3.0 rule number 920440:
[id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"]…

Multihomed
0 votes, 1 answer
Modsecurity cookie match
I run a small webhosting service (cPanel + ModSecurity) and I personally host a few Laravel projects on it. I noticed that when I (or anyone) visit multiple pages quickly (one after the other), at some point I get a Too Many Redirects error after the…

Max13
0 votes, 1 answer
ModSecurity SecRule REMOTE_ADDR NOT WORKING?
I'm trying to nolog for a particular IP 10.68.***.96 and 127.0.0.1 address but it seems not to be working...
I already tried the following configurations (I know that some of them are deprecated but it's for the test):
SecRule REMOTE_ADDR "@ipMatch…

Raphaël D
0 votes, 0 answers
modsecurity add custom rules
I recently installed mod_security on Apache 2.4.6 using the OWASP rule set, but there are some problems with Google reCAPTCHA and non-English UTF-8 characters.
I googled and for reCAPTCHA I should add the following custom rule to…

Ehphan
0 votes, 1 answer
Testing new ModSecurity rules in production - only some rules to DetectionOnly
I'm in the process of modifying an existing ModSecurity ruleset and I'm wondering how I should handle the process of adding new, (mainly) untested rules to production systems.
At the moment, we do have a small set of active rules which is clearly…

Michael Helwig
0 votes, 1 answer
modsecurity doesn't log all response bodies
I'm trying to get response body of every request. (200 or 500, etc.)
But mod_security doesn't put the -E-- part (response body) in every request.
For example, for this request:
Request Body:
POST /accounts/login/ HTTP/1.1
Host:…

kikio
0 votes, 1 answer
Whitelist for IP range on ModSecurity 2.9 & Apache 2.4.3
I'm trying to add the Google IP range to the whitelist for ModSecurity.
I use cPanel + Apache 2.4 + ModSecurity 2.9.0 + OWASP Rules.
In several posts I see this conf:
SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19"…

abkrim
0 votes, 1 answer
Mod_Security on 2 CentOS 7-servers. Different log-format
I installed mod_security on 2 CentOS 7 servers. Both got this config:
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIFHZ
SecAuditLogType Concurrent
SecAuditLog…

MyFault
0 votes, 1 answer
Modsecurity redirect rule : Send threatening user back to referrer
Consider the following SecRule, which takes a feed from a lua script that is executed:
SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'"
If SQLi is found in a…

Futh
0 votes, 1 answer
Blocking a request with ModSecurity and lua script
I have web traffic flowing through ModSecurity.
Within the ModSecurity configuration I am calling a Lua script that is running some simple analysis on the arguments of request string. Specifically, it is checking for evidence of Cross-Site…

Futh
0 votes, 1 answer
ModSecurity IIS Block Out of Country IPs by X-Forwarded-For
Problem
We've had someone that has been trying to crawl our site with random, malicious urls (for about 12 hours now).
Here is the log file
2016-06-29 08:17:02 10.X.X.X GET /assets/plugins/lightbox/Images/url - 443 - 10.X.X.X…

Jack
0 votes, 1 answer
Modsecurity check REQUEST_URI without query parameters
Currently, I am using Modsecurity XSS prevention, but I'm having a hard time understanding how exactly I can restrict what I'm checking for in the REQUEST_URI variable.
My Example:
#
# -=[ XSS Filters - Category 3 ]=-
# XSS vectors making use of…

Derek Pollard
0 votes, 0 answers
convert modsecurity apache specific rules for nginx
Using ModSecurity with Apache and OWASP CRS, there are some rules which use Apache-specific directives like (in the modsecurity_crs_55_application_defects.conf file):
Header edit Set-Cookie…

Ehsan Mahdavi
0 votes, 1 answer
Chrooting Apache 2.4 on Debian Jessie with mod_security
I have been advised to chroot my apache2 installation to better secure the sensitive content on the rest of the server. I have installed and set up mod_security properly and can see in the logs that it is chrooting apache2 properly, but systemctl is…

Drew