ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
0
votes
2 answers
Modsecurity rule to not scan URIs
Good Morning,
I am currently on creating a new mod security 2.5 rule.
My deployment:
I have an Apache server in reverse proxy mode. This Apache server does not host the websites. Instead, I proxy the requests to another server that answers the web…
Arlion
- 608
- 1
- 5
- 17
0
votes
2 answers
Modsecurity: no action id present
I have not been doing anything with my site for a while and recently upgraded Ubuntu from 12.04 to 14.04 LTS, but now I am getting errors like:
Modsecurity: no action id present
I looked around online and most answers tell you to add id=1234 or…
Stochastic13
- 121
- 4
0
votes
1 answer
Does a mod_security error block a visitor?
Does a mod_security execution/rule error or errors in general block users from visiting my website? Ive got many rule and execution errors, Ive just whitelisted these rules but maybe I could just ignore them.
The website is in production with…
Krazos
- 1
- 1
0
votes
1 answer
Apache with modsec "collections_remove_stale: Failed to access DBM file"
I seem to getting alot of these lately in my apache error log:
Message: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Resource deadlock avoided
Server Version: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips…
Ivan
- 893
- 2
- 9
- 23
0
votes
2 answers
Modsecurity oddity
my mod security is loading fine but when I set the server token like so
SecServerSignature "Infodous Webserver" it returns
"Infodous Webserver mod_fcgid/2.3.6 PHP/5.4.39-0+deb7u1 proxy_html/3.0.1 Server at REDACTED Port 443"
Is it possible to make…
0
votes
1 answer
WAF at Transparent Mode
I want to use Mod Security as transparent mode. Mod security web application firewall (WAF) should be between server and client and client provided with only server's IP address to access the site. The client should not aware about the presence of…
Praveen
0
votes
0 answers
prevent phpbb bruteforcing with mod_security
Update: I edited this and added a fail2ban tag. Perhaps that might be another way to handle this issue.
I'm running phpbb 3.0.13-PL1 and I would like to protect the login page from bruteforcing. I'm wondering if anyone can tell me what php page to…
michelle
- 101
0
votes
1 answer
whitelist URI on mod_security enabled apache reverse proxy
I have an apache 2.2.29-1.4 with mod_security 2.8.0-5.25 which is a reverse proxy with mod_proxy_http for a local java application.
I have false positive on some urls and would like to whitelist some OWASP rules just on the given URIs.
Currently…
golemwashere
- 734
- 1
- 10
- 22
0
votes
1 answer
Modsecurity: Whitelist requests, Block all else?
I'm just reading up about - and experimenting with - modsecurity and hoping someone can educate a little about the method behind the madness.
The approach I'd ordinarily take with any firewall is to whitelist what I want to occur whilst blocking all…
befuddled
- 1
- 1
0
votes
1 answer
mod_security not blocking empty useragent requests
I can't get mod_security to block empty useragent requests. I am not very saavy with it so after searching I found this rule:
SecMarker BEGIN_UA_CHECK
SecRule &REQUEST_HEADERS:User-Agent "@eq 0"…
san671
- 51
- 1
- 6
0
votes
0 answers
Server wont let me save URLs to MySQL database?
I am posting here because all other forum say it's a server environ issue.
I have a site with the ModX CMS on it hosted on a GoDaddy server (not sure about the specific setup is as client has forgotten login details). For some reason (mod_security?)…
MeltingDog
- 101
- 1
0
votes
1 answer
Fine-grained control over mod_security logging
I installed mod_security2 on several dozen servers (each with several dozen VHosts) and don't have the time to configure it for every VHost. In the default configuration, it produces copious amounts of false positives in log files, so I chose to let…
user2845840
- 213
- 1
- 8
0
votes
2 answers
How to detect brute force in mod-security
I checked the core rules set in the mod-security but it's didn't contain the rules related to Brute-Force Attack!!! Did anyone know how to write the rules or the existing rules for this kind of Attack!
Thanks in advanced,
Wingless-Archangel
- 43
- 7
0
votes
1 answer
mod-security not blocking POST request
I have a mod-security compiled from source and installed on Ubuntu Server 12.04, Apache 2.2.22. I loaded the OWASP core rule set, and I can see them getting triggered on the log file /var/log/apache2/error.log with a simple POST request with…
vincentleest
- 103
- 1
- 5
0
votes
1 answer
How i can block requests for a specific page?
I would like to completely delete or block access to a specific page in my site.
More specifically, I have seen this exploit "Joomla COM_MEDIA Exploit" : http://all1gat0r.blogspot.gr/2013/08/joomla-commedia-exploit.html
and from what I see, there is…
Shake-the-World
- 11
- 5