Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

3

votes

1 answer

Do I really need mod_security?

I'm doing a clean install of my server and I'm looking for some advice on whether or not I actually need the Apache mod_security module. I consider myself to be a bit security paranoid when it comes to my servers, but is it worth going through all…

apache-2.2 mod-security

asked Jun 15 '10 at 02:52

Rob

3

votes

0 answers

Efficient and comfortable mod_security monitoring with sentry.io or similar tools?

When using mod_security one might drown in error reports. sentry is a comfortable tool to monitor software errors, sort them, ignore unimportant ones and so on. I was wondering if it is possible to connect mod_security with sentry.io? The only…

mod-security

asked Apr 11 '22 at 14:05

Alex

676
1
14
37

3

votes

0 answers

How to make mod_remoteip and mod_evasive work together

I have several Cento7 machines running Apache 2.4. They are behind a load balancer. The load balancer pass X-Forwarded-For header with client IP. In order to have mod_evasive to use the real client IP, I enabled mod_remoteip. Here is my config for…

apache-2.4 haproxy httpd mod-security

asked Dec 05 '20 at 23:16

user3908406

163
1
1
4

2

votes

1 answer

Whitelisting browser agents in ModSecurrity

I'm using ModSecurity WAF with Apache. I wanted to know if there's a way I can restrict to only few browser agent type? I want to do this for two reasons: Force the users to use an updated browser. Deny reconnaissance. Thus most bots on the…

mod-security

asked Dec 25 '18 at 21:46

Parth Maniar

131
4

2

votes

1 answer

Mod security anomaly scoring in the audit log

I have configured my anomaly scoring level to 8 within my CRS-setup.conf When I review my audit log I see the following entry: --f0d8a724-H-- Message: Warning. detected XSS using libinjection. [file…

linux apache-2.4 mod-security

asked Dec 14 '17 at 16:25

user3080539

23
5

2

votes

1 answer

Some mod_security rules not being applied

We've been seeing a lot of referral spam to one of our servers so I decided to add some custom modsecurity rules to try and stop at least some of them. I've added several rules, for instance : SecRule REQUEST_HEADERS:User-Agent…

linux apache-2.4 mod-security

asked Nov 23 '17 at 11:28

Keith Langmead

857
1
7
14

2

votes

0 answers

mod_security gives "Multipart parser detected a possible unmatched boundary" for Wordpress

I have mod_security (apache2) installed on my server hosting Wordpress websites. When I attempt to install a plugin by uploading a .zip file from the disk it fails with 403 Forbidden and "Multipart parser detected a possible unmatched boundary" in…

wordpress apache2 mod-security

asked Sep 01 '17 at 20:34

mikryz

311
1
3
9

2

votes

1 answer

Mod_evasive No logs, No IP blocking, No errors - What's going on?

I'm experiencing an anomaly on my Ubuntu 16.04 Machine. I installed LAMP, ufw, fail2ban e now as a DOS protection I installed mod_evasive. Mod_evasive doesn't seem to block anything, doesn't log anything and the only log I see in…

apache-2.4 ubuntu-16.04 mod-security

asked Jul 21 '17 at 20:56

franks

21
1
4

2

votes

2 answers

Fail2Ban and modsecurity not working

so due some spamming attacks and stuff I decided to enable modsecurity on my webserver. I installed Fail2Ban and configured it like that: excerpt from jail.local: # # Custom modsecurity # [modsec] enabled = true filter = modsec action =…

fail2ban apache2 mod-security

asked Apr 19 '17 at 11:47

Smoki

131
1
4

2

votes

0 answers

ModSecurity and custom headers

How can we add a custom header using the 'msg' value from a ModSecurity rule, for all rules triggered? I'm basically trying to track the ModSec block reason at an edge point (Varnish) based on Apache's response. For example, I would like: SecRule…

apache-2.4 varnish http-headers mod-security

asked Feb 19 '17 at 15:57

Andrei

124
1
7

2

votes

2 answers

Apache/ModSecurity custom error page

I am trying to show a custom error page when Apache/ModSecurity rules are triggered. My plan is as follows: Change the status code for all rules to (for example) 501 use ErrorDocument directive to display a custom error page for this code Use php…

apache-2.4 mod-security

asked Feb 02 '17 at 10:35

Karolis

169
2
7

2

votes

1 answer

Installing mod_security for Apache 2.4

I am trying to install mod_security on a server running Apache 2.4 - if I try and use: yum install mod_security it tells me Apache 2.2.15 is a dependency and won't install without this. I then tried downloading mod_security and compiling it which…

apache-2.4 centos6 mod-security

asked Aug 23 '16 at 20:27

bhttoan

650
3
15
27

2

votes

1 answer

ModSecurity duplicate anomaly logs reported instead of single

This is my second time configuring ModSecurity with the OWASP ruleset. Previously I've used version 2.2.5 of the ruleset and now on a different server 2.2.9. I'm trying to configure anomaly detection and so I've disabled error.log logging for…

security apache-2.4 mod-security

asked Jul 01 '16 at 08:37

AJReading

153
5

2

votes

3 answers

Install Mod_Security for Nginx without need to recompile

I've got LEMP all setup. Now I would like to add mod_security. I tried to research but all I could find are instructions on how to recompile nginx. Is there a way to add mod_security without needing to recompile? I'm currently running nginx/1.9.15…

nginx security web-server mod-security

asked May 20 '16 at 10:51

julio

904
1
9
13

2

votes

1 answer

Steps to find the specific rule for Mod_security

I am running an web portal on Lamp stack. I am facing an issue with a export button functionality when i click on the button it redirects to Apache test page. When i comment the #Include modsecurity.d/base_rules/*.conf in mod_security it works…

mod-security

asked May 05 '16 at 08:45

Suneel Kumar P

31
2

Questions tagged [mod-security]