Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

0

votes

1 answer

modsecurity wont start with an apache server

I have a Debian server where apache2 is running. I want to use modsecurity for throttling. apache2 info $ apache2ctl -v Server version: Apache/2.4.29 (Debian) Server built: 2018-01-14T11:01:58 I installed libapache2-mod-security2 with sudo apt…

asked Sep 15 '22 at 13:16

Hussain Nagri

181
1
9

0

votes

0 answers

It's not making shell script of modsecurity after compiling from source. modsecurity v2.9

I compile modsecurity from source. But it's not making the executable shell script. How can I get the modsecurity shell script? I went back to back but didn't get the shell yet. any help?. root@3c6a29e9f9b5:/home/modsecurity-2.9.3# ./configure…

linux shell-scripting mod-security

asked Sep 08 '22 at 09:41

kolo

1
2

0

votes

2 answers

How to block IPs making requests to specific domain?

I have a server with CSF and ModSecurity enabled. I'd like to set up a rule or configuration that will automatically block (for a specified amount of time) any IP that makes incoming requests to a particular subdomain. In this instance it is…

mod-security csf

asked Aug 06 '22 at 21:21

inspirednz

173
1
9

0

votes

0 answers

Drop connection without sending packets

I would like to prevent default virtual host behaviour by dropping the connection, so that visitors who navigate to my server via IP or fqdn that isn't included in my virtual hosts get no indication that any web server exists (other than seeing open…

apache2 mod-proxy mod-security connection-refused

asked Jul 14 '22 at 01:26

jackar

11
2

0

votes

0 answers

Mod_Security prevent brute force for Joomla

I am trying to find/create a Mod_Security rule to detect & block multiple login failures on the latest version of Joomla. I found an answer from March 2015 here: https://serverfault.com/a/646608/960638 but in my own tests it does not detect login…

mod-security joomla

asked Mar 31 '22 at 09:53

Peter

1

0

votes

1 answer

ModSecurity 403, COMODO WAF detects XSS while trying to access phpMyAdmin

I have a copy of phpMyAdmin in one of my server in a subdomain 'pma' and inside a directory in it named 'app' (manual installed from zip archive, not via yum), which I use for DB related management and it was working ok for couple of months. A…

firewall mod-security phpmyadmin

asked Jan 12 '22 at 04:49

Nishu Ali

1
2

0

votes

0 answers

Modsecurity Not working with beautified URLs

I have modsecurity on nginx and everything works except for URL like below: https://example.com/input_1.3=6111163&id=1' and 1=1 -- But it works for this one: https://example.com?input_1.3=6111163&id=1' and 1=1 -- Where is the problem?

nginx security mod-security

asked Dec 19 '21 at 16:35

Abadis

156
3

0

votes

0 answers

How to use modsecurity on AWS EC2 with ELB

Query attacks from outside are too frequent since AWS EC2 was used. AWS WAF is too expensive and burdensome. I'm trying to install modsecurity inside the server, but it's not working properly because of ELB. Is there any other alternative or way?

amazon-ec2 mod-security

asked Dec 06 '21 at 00:37

LivePark

1
1

0

votes

1 answer

Which protections can I use on the server

I have read about server protection and I know how to work with fewalld protection because it is not demanding. My question is: Which of the following protections is best for the server and which of the offered ones can be used together on the…

linux selinux fail2ban firewalld mod-security

asked Nov 30 '21 at 12:32

Edgar

17
4

0

votes

1 answer

How to reduce Modsecurity disk IO

Modsecurity generates a lot of disk io operations, and the file www-data-ip.pag is read and written continuously. Is there any solution that can effectively reduce this? Could it be moved to RAM in some way?

apache-2.4 mod-security

asked Aug 16 '21 at 19:41

AndreaF

215
2
10

0

votes

1 answer

How do I set the anomaly score in crs-setup.conf?

I am using v3.0.0 of CRS with ModSecurity set to DetectionOnly mode and the nginx connector. I want to set the anomaly score to 100 or so to fine-tune the settings, but I can't see where or how to do that. Looking in crs-setup.conf nginx 1.18.0 if…

linux nginx mod-security

asked Aug 04 '21 at 18:24

richardwhitney

113
5

0

votes

0 answers

Can't get docker image owasp/modsecurity-crs:apache reverse proxy to work

I have an endpoint https://my-portal.nl and I wan't to place a WAF with the OWASP Core rule set before it. So I found a Docker image(owasp/modsecurity-crs:apache) that can proxy all the requests to my endpoint (https://my-portal.nl). For some reason…

docker mod-security

asked Jul 27 '21 at 13:48

RAGI

1
1

0

votes

1 answer

mod_security with OWASP CRS: Custom rule for whitelisting googlebot

I am about to use OWASP CRS rules with mod_security on my WHM/cPanel enabled CentOS server (with apache). But I fear that accidentally Googlebot may be blocked by one rule or the other. After enabling OWASP CRS, If I add the below custom rule…

owasp mod-security whitelist

asked Apr 25 '21 at 06:40

Kannan

101
2

0

votes

1 answer

Is it okay to use core ruleset v3.3 on modsecurity v2.9

I am just a beginner in the field of security. I have installed ModSecurity v2.9 on my server using this link. But GitHub repository for the core rule set in the link was outdated, so later I removed the ruleset with the official ruleset. Is it okay…

security firewall web-applications mod-security

asked Jun 09 '21 at 16:08

Praveen Kumar P S

1
1

0

votes

2 answers

How do I restrict a specific client, based on their host name, with ModSecurity SecRule?

I am trying to restrict specific hosts (e.g. AWS) from accessing my webserver. I tried different variations of these but it doesn't work. # Block AWS SecRule REQUEST_HEADERS:Host ".*\.amazonaws\.com.*" \ "msg:'AWS…

firewall mod-security web-application-firewall

asked Apr 27 '21 at 02:19

David

81
1
7

Questions tagged [mod-security]