ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
0 votes, 1 answer
OWASP-CSR on ATS
I have some Apache Traffic Servers that are used in a CDN platform. Is it possible to configure OWASP-CSR on Apache Traffic Server? If yes, how can I implement it?
Samira Rahighi
0 votes, 1 answer
Cannot find rule ID to whitelist an IP in ModSecurity
I have a local IP that was apparently banned. I would like to whitelist it. The subnet is already in my /etc/modsecurity/modsecurity.conf file:
SecRule REMOTE_ADDR "@ipMatch 192.168.0.0/19" "id:20190108,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"
I…

DevOpsSauce
0 votes, 1 answer
My CentOS 7 minimal font screwed up when trying to tail modsecurity audit log
My font display was completely normal. But right after I cat or tail /var/log/modsec_audit.log, my font becomes like this. Any solution?
Image link:
https://i.stack.imgur.com/XkIyj.png

newbie01
0 votes, 1 answer
Which actions are retained on SecRuleUpdateActionById changes from the original rule?
So, SecruleUpdateActionById requires relisting action flags. At least that's my reading of "actions that can appear only once are overwritten".
Which is fairly obvious for most of them, but less so for ctl: or specialty parameters.
I'm currently…

mario
0 votes, 0 answers
Compile ModSecurity 3.3 with YAJL
Could anyone help? I'm stuck on this.
I already compiled ModSecurity 3.3 on this machine (followed these instructions). Now I'm trying to compile with YAJL (Yet Another JSON Library) to be able to log in JSON format.
I installed yajl and…

Filipe
0 votes, 1 answer
apache server responding 403 to some clients, for a wordpress site
I rented a barebone server, installed Centos 7, then centos web panel, with server set to apache only, using apache 2.4.4x and php 7.
I set up a wordpress site on one of the vhost, after editing for a while, while I tried to view the site on my…

Jimmy Chi Kin Chau
0 votes, 1 answer
Why don't the CRS rules in ModSecurity block all threats?
I'm in the process of configuring the new Nginx v1.18.0 server together with ModSecurity-nginx v1.0.1. I've added OWASP CRS 3.3.0 rules to the configuration. Unfortunately, I can't clearly tell if the rules are working. While reading blogs and…

nsog8sm43x
0 votes, 1 answer
How to automatically block with MODSEC or CSF an IP Address when it tries to access a URL
We have in our server logs every day continuous bots trying to access the below, for example:
Requests with error response codes
404 Not Found
/favicon.ico: 3 Time(s)
/3ckkB-ZOp30: 2 Time(s)
/adminer-3.7.1.php: 2 Time(s)
/eGfLqNJOuqgur2f: 2…

Devteam9200
0 votes, 1 answer
ModSecurity won't apply rules - no error log entries
I have a fresh installation of CentOS 8. I installed Apache 2.4.37 from the repo. Then installed the latest ModSecurity:
dnf install mod_security -y
Checked the installation
dnf info mod_security
Result:
Name : mod_security
Version :…

MarkHelms
0 votes, 0 answers
WAF(modsecurity) / Plesk IP Banned, is it Googlebot? Is it a false positive? Is it a malicious IP?
I was alerted by my Plesk server that an IP Address had been banned. Normally I don't check banned IPs, but this one happened to coincide with our site going down for 1 minute at the same time.
Banned the following ip addresses on Mon Jul 27…

Maurice
0 votes, 0 answers
Rule 933160 violated even though it's been excluded
I've installed nginx with modsec with the following versions:
Modsec version: v3.0.3
Nginx version: 1.13.6
and I've excluded rule 933160 as follows:
SecRule REQUEST_URI "@beginsWith /a/b/c/d" \
…

skwokie
0 votes, 1 answer
Changing time format in Modsecurity log
I wonder if it's possible to change time format which Modsecurity 3 uses in its audit log.
I came across that time format differs depending on SecAuditLogFormat setting.
When it's Native, timezone is present:
---immbqR4e---A--
[16/Jun/2020:11:24:03…

P. D
0 votes, 1 answer
Apache2 mod_evasive for only one virtual host
I'm testing a scenario where I'm hosting two sites on the same machine with the help of the Apache web server. I'm looking to enable mod_evasive for only one site. I don't see any way to get it working. Following is the scenario and things I have tried.
Ubuntu…

Jerry
-1 votes, 1 answer
Modsecurity block request
How can I block in modsecurity these requests:
12.54.87.55:443
https://12.54.87.55
tried
SecRule REQUEST_URI "12.54.87.55:443" phase:1,id:1008,log,deny,status:403
but seems like it's not working.
I want to block all the requests where Host header…

Igor Vrabie
-1 votes, 1 answer
Specify the order of IDS, Firewall, WAF
I have an Ubuntu system and I want to implement iptables as firewall, modsecurity as WAF and snort as IDS in this system, and I have a server behind this system and I want to protect the server with this system. I want when the packet receives first…

Trudy