ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
0 votes
1 answer
mod_security unable to add OWASP CRS - CentOS 7
My website has been under constant attack from hackers since the day I set up the virtual server and installed WordPress. I was able to install mod_security, however, I am unable to add the OWASP CRS. I have been following this tutorial:…

user339639
0 votes
1 answer
modsecurity Does not contain custom REQUEST_HEADER_NAMES
Trying to build a rule that will 403 any incoming traffic that doesn't contain the header X-CFKey and match a specific value of X-CFKey.
I've got modsecurity testing the X-CFKey value successfully, but it fails when the header is missing altogether. I'm trying…

Alex Turner
0 votes
1 answer
mod_security: What's the point of action auditlog?
I'm fiddling around with mod_security to log POST request payloads for a specific URI.
As stated in this response https://serverfault.com/a/729079/292993 to a similar question mod_security's AuditEngine works like that:
It will also log to…

ahaertig
0 votes
1 answer
Modsecurity Whitelist and keep logging
I am white listing a tag and I am curious if there is a way to white list this and keep the logging to this at the same time.
SecRuleUpdateTargetByTag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION" !ARGS:/^fallout/
Would something like this…

LUser
0 votes
0 answers
Modsecurity: How can I consolidate all SecRules to ignore a parameter
How can I consolidate all or any secrule to ignore a parameter with modsecurity?
I have a form that will always flag as XSS, unfortunately, my rule list is getting rather large as the site grows.
I now have a list of about 10 or so rules ignoring…

LUser
0 votes
1 answer
SecChrootDir Jailing apache 2.2.X on Centos 6.7
I was trying to do apache jailing on centos 6.7 with modsec. I already built everything, even the jail directory, and remodeled the config files. httpd (apache) says it started nicely; however, it's dead. When I try to see its status it says httpd dead…
0 votes
1 answer
security2_module for apache with owasp modsecurity crs base rules is causing the “Forbidden You don't have permission to access / on this server”
I installed the security2 module to my apache server with owasp mod security base rules by adding the following lines to my httpd.conf:
Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
Include…

sorin
0 votes
1 answer
workaround for modsecurity false positive?
I was pasting "drwxr-xr-x. 2 root root 6 Sep 24 04:35 images" into a dokuwiki page. That triggered modsecurity and I got an HTTP error. How can this rule be modified to avoid this kind of false positive?
It happened on Dreamhost and support was…

sdaffa23fdsf
0 votes
1 answer
Already enabled x-forwarded for in haproxy, but mod_remoteip 2.2 backport still doesn't work
I'm using haproxy to forward requests to Apache 2.2 bundled with modsecurity 2.7 and OWASP_CRS. I have enabled insertion of the X-Forwarded-For header in the haproxy config:
defaults:
option forwardfor except 127.0.0.1 header X-Forwarded-For
In…

RedGiant
0 votes
1 answer
mod_security behind reverse proxy and clients IP
client -> haproxy -> mod_security boxes -> backends
Problem: mod_security boxes use mod_rpaf with the IP of haproxy in 'RPAFproxy_ips'. Apache logging shows the client's real IP but mod_security still reports haproxy's IP as seen below.
Client's IP found in…

3molo
0 votes
1 answer
Change Mod Security Rule for Deny ( 401 Status Page )
I used a mod security rule to deny WP login attempts.
SecRule REQUEST_METHOD "@streq POST" \
"phase:5,chain,t:none,auditlog,pass,msg:'Login Failure Detection: Wordpress Login Attempt Failure…

Mehrpouyan Co.
0 votes
0 answers
After install mod_security and mod_evasive, php not working
I followed this tutorial (tutorial.centos.com.my/?p=69) and succeeded in installing mod_security and mod_evasive. But PHP does not run; it displays the code in the browser. I inserted an index.php file on the EC2 disk with the PHP code phpinfo (); but this is…

Tiago Souza
0 votes
1 answer
Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf
I'm trying to install and configure Mod_Security on Amazon EC2 Linux 64 bits, but an error occurs:
Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf:
ModSecurity: Found another rule with the same id
Need help to solve this, I tried to find in…

Tiago Souza
0 votes
1 answer
VPS server restarting MOD_SECURITY?
My VPS server has been acting up lately, for example last weekend the PHP module Imagemagick simply stopped working and I had to do a PERC uninstall / reinstall.
Today my server has been totally unresponsive for up to 20 minutes. This is mission…
0 votes
1 answer
Jetmon being blocked by ModSecurity, how to write override rule?
I have a WordPress site on a VPC and I'm trying to tweak ModSecurity to reduce the false positives. I have Jetpack monitoring which is being denied when ModSecurity is active.
Log from Apache error.log
[Sun Jul 26 20:25:31.569393 2015] [:error] [pid…

dangel