Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-security]

ModSecurity supplies an array of request and response filtering rules and other security features to the Apache HTTP Server. ModSecurity is an open source web application layer firewall.

344 questions
2
votes
0 answers

nginx with fail2ban and mod_security

I forgot to update my fail2ban config for nginx. I just moved to nginx from apache. Today, I got a lot of cals from a single IP. IP tried to access login pages with post and get methods IP tried to use nginx as a proxy (GET http:/...) IP searched…
Mahesh
  • 247
  • 1
  • 4
  • 16
2
votes
0 answers

ModSecurity: collections_remove_stale: Failed deleting collection

Environment: Ubuntu Server 12.04 64Bit with Apache/2.2.22 (Ubuntu) and Worker mpm with modsecurity 2.7.5 and OWASP CRS latest. Problem: When server is under a load of 1500 concurrent users Mod_Security starts to show the below error in Apache's…
zertux
  • 151
  • 1
  • 14
2
votes
0 answers

log/dump response body

Is there any way to log response body in Apache 2? I need the exact content that will be sent to user browser. I tried mod_security audit logging, but it won't log response body for all requests. (I got confused really. It logs response body for…
kikio
  • 161
  • 1
  • 9
2
votes
1 answer

Dropping incoming requests for a specific file with iptables

Server is a standard LAMP stack configured via cpanel on CentOS 5.9. We have one file, call it bad.php, on one of our domains that is mistakenly being accessed about 10 times a second by a service provider. The file no longer exists, and we want to…
Nathan Stretch
  • 181
  • 2
  • 15
2
votes
0 answers

.htaccess ignored two layers deep on only some hosting plans

I have one .htaccess file doing this: RewriteRule ^system(.*)$ /system/app/$1 [QSA,L] ...and then underneath /system/app, I have another .htaccess file doing this: RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule…
ServerChecker
  • 1,518
  • 2
  • 14
  • 35
2
votes
2 answers

Does ModSecurity 2.7.1 work with ASP.NET MVC 3?

I'm trying to get ModSecurity 2.7.1 to work with an ASP.NET MVC 3 website. The installation ran without errors and looking at the event log, ModSecurity is starting up successfully. I am using the modsecurity.conf-recommended file to set the basic…
autonomatt
  • 133
  • 5
2
votes
0 answers

Custom collections with mod_security

I would like to create a mod_security collection that is based on something other than the user's IP, Session ID, or username. Specifically, based on the REQUEST_URI. However, mod_security indicates that this is not possible. My question is…
Matt White
  • 706
  • 1
  • 5
  • 18
2
votes
1 answer

why use apache's LoadFile?

Installing mod_security, the instructions direct us to add: LoadFile /usr/lib/libxml2.so LoadFile /usr/lib/liblua5.1.so to httpd.conf. I'm wondering why they might prefer LoadFile to linking with rpath / LD_RUN_PATH /etc.
pra
  • 622
  • 1
  • 5
  • 13
2
votes
1 answer

Why Is ModSecurity Unable to Access the Data Directory?

Update I think we've solved this; the problem appears to have been a result of the /modsec_storage directory having an incorrect value for its SELinux context type. However, we're still not sure, because although after I changed the SELinux context…
tommytwoeyes
  • 155
  • 1
  • 7
2
votes
2 answers

how I can know which version of mod security that I had on the server? and how I can update it?

I'm using cpanel (11.25 Stable 46156) with mod security installed. How can I know the version of mod security that installed in the server? How can I update mod security manually or make it update automatically ?
Libyano
  • 141
  • 2
  • 2
  • 8
2
votes
3 answers

How do I remove the ServerSignature added by mod_fcgid?

I'm running Mod_Security and I'm using the SecServerSignature to customize the Server header that Apache returns. This part works fine, however I'm also running mod_fcgid which appends "mod_fcgid/2.3.5" to the header. Is there any way I can turn…
matthew
  • 1,319
  • 1
  • 11
  • 21
2
votes
1 answer

How to disable mod_security2 rule (false positive) for one domain on centos 5

Hi I have mod_security enabled on a centos5 server and one of the rules is keeping a user from posting some text on a form. The text is legitimate but it has the words 'create' and an html tag later in it so it is causing a false…
nicholas.alipaz
  • 155
  • 2
  • 7
2
votes
2 answers

Necesity of ModSecurity if Apache is behind Nginx

I have my Apache installed behind Nginx. So every request that comes in is first handeled by Nginx. If there is dynamic content needed the request is send to Apache which listens on port 8080. Pretty basic reverse proxy setup. Now with this setup…
Saif Bechan
  • 10,960
  • 10
  • 42
  • 63
2
votes
2 answers

mod_security 403 forbidden response is returning homepage content with WordPress mod_rewrite

I'm using mod_security on various websites, some WordPress and some not. I notice that on a non WordPress website the following: https://test-site.com/?exec=/bin/bash returns a 403 forbidden error code, along with the Apache "forbidden" error page.…
MrCarrot
  • 345
  • 1
  • 4
  • 13
2
votes
5 answers

500 Internal Server Error when adding a line in the .htaccess file

I need to add the following line into my .htaccess file in order to get my website working with mod_security SecFilterScanPOST Off but then I get an error Internal Server Error The server encountered an internal error or misconfiguration and was…
Elitmiar
  • 775
  • 3
  • 15
  • 31
1 2 3
22 23