ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.
Questions tagged [mod-security]
344 questions
-1
votes
1 answer
Apache fails to boot after OWASP installation
I was trying to secure my server (Apache 2.4.6 on CentOS 7) with mod_security and OWASP, but after following the instructions and installing OWASP, httpd fails to start with the following error message:
Apr 16 02:59:24 systemd[1]: Starting The Apache…

aladar42
-1
votes
1 answer
Strange ModSecurity entries in Apache error log
I recently migrated my VPS to Plesk Onyx v17 (running on Ubuntu 14.04) and, when I checked the error logs this morning, I noticed multiple records like this one:
[Tue Apr 11 06:26:33.063983 2017] [:error] [pid 3306:tid 140450353870592] [client…

Mike S
-1
votes
1 answer
ModSecurity blocks Google bots [Sitemap 403 error (Forbidden)]
I am submitting a sitemap in Google Webmaster Tools, but Google bots can't read my site.
Error
webmaster tool: http://prnt.sc/dh6qje
modsec_audit.log: http://prnt.sc/dghx2n
Please tell me how to fix this problem.

Ayan Chakraborty
-1
votes
1 answer
Clone http traffic to another port on same server transparently
I am experimenting with the following setup.
Clone/copy (but not redirect) all incoming HTTP requests from port 80 to another port, say 8080, on the same machine. I have a simple NGINX + Lua based WAF which is listening on 8080. Essentially, I am running two…

Iornman l
-1
votes
1 answer
Nginx with mod_security on EC2
I am looking to get some ideas and see what others are doing in terms of managing/keeping updated Nginx + mod_security on EC2 instances. The catch with this is that mod_security needs to be compiled and then Nginx needs to be compiled with…

J Henzel
-1
votes
1 answer
Blocking request with query string
I'm under a DDoS attack, though I have Cloudflare.
I found out that the attacker is accessing the server using query strings "?a=randomnumber"
I don't use query strings in my website so I need to block any IP that tries to add query string in…

Seif Hatem
-1
votes
1 answer
You don't have permission to access / on this server
I created a form in Joomla with 2000 fields, but when I submit the form it gives me:
error-- You don't have permission to access /en/soccer-player-update on this server. Additionally, a 404 Not Found error was encountered while trying to use an…

falsecoin
-1
votes
1 answer
hosting provider web server blocks certain url string by using mod security
I have a blog which has a post with the following as its URL:
/blog/insert-into-tablea-select-fields-from-tableb-for-specific-values-only/
This was working well until recently.
I got a different HTTP Status like 412 Precondition Failed which is not…

Jayapal Chandran
-1
votes
1 answer
gotroot mod_security rules
Are the gotroot mod_security rules any good?
I've heard that you will get a lot of false positives and before I try and use them on a live box just wanted to know if anyone else has experience with them.

Mike Williams
-1
votes
1 answer
Is ModSecurity intended for authentication or WAF?
What's the designed purpose of modsecurity for Apache/Nginx?
Does it play the role of authentication (Basic/Forms/Cookie)?
From my research, it appears to be a Web Application Firewall feature. The features like Authentication are best left to the…

JJS
-2
votes
1 answer
Apache server crashes due to bandwidth spike issue
The problem I am facing is that my website (hosted on a dedicated VPS) was working fine for the last 6 months. However, for the last two days, it has been getting huge spikes of data coming in, and this causes the server to crash. The hosting company shuts down my server. I…

Arjun
-2
votes
1 answer
mod_security: How to allow ssh/http access for admin?
I am going to be installing mod_security on my AWS EC2 Linux instance tonight and need a little help/reassurance. The only thing I am truly worried about right now is making sure my (admin) access to the instance and webserver is maintained w/o…

mattesque
-3
votes
1 answer
ModSecurity error on wordpress wp-login rules
I have made a ModSecurity rule for Apache to protect WordPress, but it has some error, so please suggest some modifications to make it work fine.
# This has to be global, cannot exist within a directory or location clause . . .
SecAction…

Janeet
-3
votes
1 answer
How do I configure mod_security?
When I set up the mod_security default configuration, if anyone goes to the WordPress admin panel and changes any code or modifies something, then his IP is blocked. Why? All my customers complain about this problem. How can I solve this? I want if anyone changes anything…