Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

0

votes

1 answer

How enable modsecurity only one site? in edit .htaccess?

nano /etc/apache2/mods-enabled/security2.conf SecDataDir /var/cache/modsecurity IncludeOptional /etc/modsecurity/*.conf IncludeOptional /usr/share/modsecurity-crs/*.load i try in…

apache2 mod-security

asked Aug 18 '23 at 08:23

dr.ipkins

1
1

0

votes

1 answer

bypassing mod_security for coding blog on dreamhost

I've written my own simple blog software to display syntax-highlighted code, and it all works perfectly on my localhost, but I'm having trouble with mod_security on my Dreamhost server. [Wed Aug 02 06:45:17.149632 2023] [:error] [pid 8910:tid…

mod-security dreamhost

asked Aug 02 '23 at 13:49

maganthro

101
1

0

votes

0 answers

Filtering Amazon servers by IP range AND URL

My server is often attacked by bots hosted on Amazon servers. So I configured iptables to block the largest ip ranges from Amazon. My problem is that let's encrypt use also Amazon servers to issue new SSL certificates, so it don't work on my server…

ubuntu security iptables fail2ban mod-security

asked May 30 '23 at 14:50

Fabrice Kimmel

1

0

votes

0 answers

Modsecurity Nginx breaking Wordpress Woocommerce checkout page. Can't find working rule exclusions

I am running an Ubuntu 20.04 based LEMP server on a Raspberry Pi 4. I am working on a Wordpress Woocommerce website at https://www.mcmo.is. Currently on iOS using Safari or Google Chrome, I can't get past the websites Woocommerce checkout page with…

nginx ubuntu mod-security rules

asked May 24 '23 at 16:49

DanRan

73
1
3
22

0

votes

0 answers

Modsecurity block access from all countries except from a specific IP or specific remote host

I have the below 3 rules in modsecurity. Rule 1: Block all countries defined as high risk except US: SecAction \ "id:900600,\ phase:1,\ nolog,\ pass,\ t:none,\ setvar:'tx.high_risk_country_codes = AD AE AF AG AI AL AM AO AQ…

security apache-2.4 apache2 mod-security

asked Apr 25 '23 at 17:15

BradG

101
2

0

votes

1 answer

ModSecurity : How prevent the body to be displayed in the JSON output?

Using Modsecurity, I write the catched requests in a log, in a JSON format. The body field is too verbose for my ELK index, and generates a lot of parsing errors. Can I disable the presence of the body in the JSON log ?

apache2 mod-security

asked Apr 20 '23 at 10:44

Jean

123
8

0

votes

0 answers

Tx-Variable does not increment in modSecure

I use Apache2.4 and mod_security 2. SecRuleEngine On SecRule REQUEST_METHOD "@streq put" "id:12345,phase:1,pass,log,t:lowercase,chain,logdata:'TX:PUT_COUNT=%{tx.put_count}'" SecRule REQUEST_URI "@contains /session/"…

apache-2.4 mod-security

asked Apr 19 '23 at 12:32

Paflow

173
1
1
7

0

votes

1 answer

ModSecurity : PCRE limit settings do not have any effects

I'm facing Rule execution error - PCRE limits exceeded (-8): (null). errors when I ask ModSecurity to analyse body data (using the SecRequestBodyAccess On directive). I've read about the problem, and I tried to increase the limit, both on Apache2…

php-fpm apache2 mod-security

asked Apr 17 '23 at 11:42

Jean

123
8

0

votes

0 answers

mod-security replace characters in POST body

I want to replace all the non-alphanumerical characters in the request body (not in the parameters themselves, but their values) with nothing using mod-security. For example: # Initial request param-1=val@@#ue1¶m-2=value{^%2 # Changed…

ubuntu apache-2.4 mod-security

asked Apr 06 '23 at 18:50

Kavishka Gihan

1

0

votes

0 answers

nginx IP Whitelist in http and stream directive

I use the following config for nginx with http and stream. Each of them should include the same IP whitelist. The whitelist looks like this: allow 78.153.123.0/20; allow 2a01:123::/32; deny all; My nginx config: user www-data; worker_processes …

nginx ubuntu mod-security whitelist

asked Mar 09 '23 at 06:12

pr0j3ctx

1

0

votes

0 answers

The ModSecurity WAF used with the authentication mode

I have two Apache VirtualHost allowing access to lists of files. The first directory or server is accessible without authentication. On the other hand, the second has the native Apache authentication mode called mod_authn_dbd. I configured the…

apache2 mod-security mod-auth

asked Jan 27 '23 at 10:59

Lynow

1
1
2

0

votes

0 answers

mod_security skips processing phase 2 rules looking for SecMarker

I'm trying to debug a mod_security2 issue where it at some point appears to stop processing phase:2 rules. I've installed libapache2-mod-security2 and modsecurity-crs from the default apt repositories and have enabled the engine. SecDebugLogLevel 9…

apache-2.4 mod-security

asked Jan 20 '23 at 10:09

Tom Cannaerts

211
1
8

0

votes

1 answer

Modsecurity Rule that Would Block the IP After a Certain Amount of 403 Errors

I am trying to figure out how to write a ModSecurity rule that would block the IP from the server for a period of time when that IP is generating a certain amount of 403 errors, and I am struggling with writing the rule. Does anyone have any ideas…

apache2 mod-security ip-blocking

asked Jan 10 '23 at 22:06

Hojat Sajadinia

3
2

0

votes

0 answers

Modsecurity Blocks the site on load because cdn-loop: cloudflare

A fresh install of Ubuntu 20.04, nginx version 1.23.2 and Modsecurity 3.3.4. When I visit www.example.com I get 403 Forbidden. When I change: http { modsecurity on; to http { modsecurity off; the site loads normally. The reason is CDN-Loop…

nginx cloudflare mod-security

asked Dec 18 '22 at 00:26

Abe

123
6

0

votes

0 answers

ModSecurity / CRS 3 - Tons of 920100 Warnings. Need Help Fixing/Explaining Rule Violation

Ubuntu 22.04 Nginx/1.23.2 ModSecurity-nginx v1.0.3 CRS 3.3.2 I found out today that my server froze up because ModSecurity created tons of log files 10GB each and the server ran out of disk space. The Audit Log is set to "Relevant Only" to show…

mod-security

asked Nov 03 '22 at 22:58

peppy

73
2
10

Questions tagged [mod-security]