Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

344 questions
2 votes, 0 answers

Any versions of ModSecurity that work with recent versions of Nginx?

I'm building Nginx and ModSecurity together in order to use the OWASP Core Rule Set Project. According to the ModSecurity download page, the latest version of ModSecurity (2.9.1) is not stable when used with Nginx. This is consistent with my…
Shorn
2 votes, 2 answers

mod_security too strict rule?

I just installed mod_security on my server, but every page gets blocked with a forbidden error. I feel the rules are too strict, no? How can I change it? This is the last line in my log: Message: Access denied with code 403 (phase 2). Pattern match…
2 votes, 1 answer

mod_security: How to log POST requests for specific URI?

I'm trying to set up mod_security to log POST request payloads for a specific URI, as it seems that a customer's webpage is used as a spam relay and these requests corrupt the server-side cache. I started by following this blog post but it seems…
ahaertig
2 votes, 1 answer

How can I decrease mod-security severity?

Actually the module blocks calls with "notice" level. How can I decrease the severity level and take it to "warning"?
2 votes, 2 answers

What rule can I use in ModSecurity to log POST payload for a specific site?

I need to inspect POST payload for a specific website (the server is rather busy and I wouldn't turn on POST logging for the entire server). The server is LiteSpeed 5.0.7. SecRequestBodyAccess is set to "On". First I tried with a chain of rules: the…
Andy B
2 votes, 1 answer

mod_security - How to process text/xml request_body

I'm trying to process the REQUEST_BODY of a web request, which has Content-Type: text/xml and some XML inside it. Let's say I have the following request: curl -v -d "
gryzli
2 votes, 1 answer

ModSecurity rule to not scan URI

I am having difficulty creating a new ModSecurity 2.5 rule. My deployment: Apache server, set up as a reverse proxy. (So the Apache webserver does not host the website. Instead, I proxy the requests to another server that answers the web…
Arlion
2 votes, 0 answers

Test for length of ARG parameter in SecRule - Mod Security

What is the most efficient way to limit the length of an HTTP request parameter using ModSecurity? For example, to limit WordPress comment length: SecRule ARGS:comment "^.{65530}" Would this regex expansion slow ModSecurity down significantly? Or…
Santrix
2 votes, 1 answer

apache mod_evasive with mpm_prefork settings to work

I have tried to find all the information I could on this and I understand the problem with mod_evasive not working when the server is in the mpm_prefork mode (instead of worker). However, I was able to make it partially work by lowering the…
2 votes, 1 answer

How could I exclude mod_security from sub-directories on Amazon EC2 with LAMP?

I have never activated mod_security or edited Virtual Hosts before, so it's a new challenge for me. I tried to follow this tutorial, but it seems that most of the tutorials around the web do not reflect my situation. I have an EC2 instance running…
dr house
2 votes, 0 answers

ModSecurity phase not working?

I have installed modsecurity (2.8). So I made my first rule to block a referrer spam with the following: SecRule REQUEST_HEADERS:Referer "buttons\-for\-website\.com" "phase:1,deny,status:403,id:666521134" Then when I fake my referrer in Firefox to…
2 votes, 6 answers

mod_security: another rule with same ID

I have installed httpd 2.2.15 on CentOS 6.5 (minimal installation with no cPanel) with modsecurity 2.8. When I am starting httpd I am getting this error: Starting httpd: Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf: ModSecurity:…
Ashish
2 votes, 0 answers

Nginx and dynamic X-Forwarded-For blocklist

I am running Nginx behind a proxy. I am getting visitors' real IP addresses through X-Forwarded-For HTTP request header. I'd like to block individual IPs based on a dynamic block list, up to 10000+ IPs. I was looking into ModSecurity to do this, but…
Mikko Ohtamaa
2 votes, 0 answers

How to solve UNIQUE_ID variable issue in modsecurity_crs_16_session_hijacking.conf ubuntu 10.04

I have been trying to harden Ubuntu 10.04 using ModSecurity and its core rules from OWASP version 2.2.5. I have used the package from their GitHub. After the symbolic link of the files in the optional_rules to the activated_rules, Apache started…
black sensei
2 votes, 2 answers

How to use ModSec rules on a certain page?

I want to block proxy (X-Forwarded) IPs on a certain page (wp-comments-post.php) using Apache mod_security. My current mod_security rule: SecRule REQUEST_HEADERS_NAMES "^x-forwarded-for" "log,deny,id:48,status:403,t:lowercase,msg:'Don't use Proxy'"
Ram