Highest Voted 'mod-security' Questions - Server Fault Stack Exchange

1

vote

2 answers

Enable modsecurity SecRuleEngine On for only a specific directory

Running Apache 2.2.x, modSecurity 2.8.0 I'm trying to get something like this working: # Default recommended configuration SecRuleEngine DetectionOnly # Settings options: DetectionOnly,On,Off # Only enable full security on candidate facing…

apache-2.2 mod-security

asked Mar 23 '17 at 11:50

Njna Grimsdottir

21
1
1
6

1

vote

2 answers

how to modificate modsecurity rule action for only one parameter?

I have a modsecurity with Core Rule Set. And I have POST-request with 3 parameters: Par1 = "base64-encoded XML "& Par2 = "url" & Par3 = "hash". I want to modificate CRS rules to base64Decode only Par1 and use Par2 & Par3 'as is'. I tried to use…

security mod-security web-application-firewall

asked Oct 21 '16 at 08:39

Vladimir

31
1
6

1

vote

1 answer

mod_security: disable cookie verification causing SQLI false positive

I'm trying to configure mod_security on CentOS 7 for apache2.4 with the OWASP ruleset. The thing is my web app generates a cookie with -- characters and it gets flagged as an SQLI. I read the following article how to whitelist a certain cookie…

centos7 mod-security

asked Aug 19 '16 at 10:16

sebclaut

21
3

1

vote

1 answer

Modsecurity : Creating a new Request Header from SecRule

Consider the following redirect SecRule which is activated from a Lua script SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found',setvar:REQUEST_HEADERS:Blocked" When…

mod-security

asked Aug 10 '16 at 19:22

Futh

17
5

1

vote

1 answer

Prevent logging of issues with 127.0.0.1 in mod_security logs

I'm trying to configure modsecurity to not log any issues originating from 127.0.0.1 but I have had no luck with the following rules. SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off" SecRule…

mod-security

asked Jul 20 '16 at 01:21

Citricguy

166
1
1
9

1

vote

1 answer

Remove IP from modsecurity blacklist

I have a CentOS 7.2 server with apache. I installed and configured modsecurity and I did some tests from my home and now my IP si blocked. Where is stored the blacklist for modsecurity? I stopped the iptables and fail2ban but I'm still blocked.…

apache-2.2 mod-security

asked May 09 '16 at 09:22

antiks

223
3
8

1

vote

0 answers

mod_security forcing to redirect to Apache test page

i have installed drupal and installed couple of modules to provide the admin export to excel feature. when i click on the export button the page is getting redirected to Apache test page. I have done some R&D and commented #Include…

mod-security

asked Apr 28 '16 at 09:21

Suneel Kumar P

31
2

1

vote

1 answer

Disabling ModSecurity's SQL injection Rule

I've been trying to disable mod_security sql injection rule by adding this to the conf file SecRuleRemoveById 981172 SecRuleRemoveById 981243 SecRuleRemoveById 981173 SecRuleRemoveById 981249 SecRuleRemoveById 981318 SecRuleRemoveById…

ubuntu mod-security

asked Apr 21 '16 at 11:56

DavidSmith

13
4

1

vote

2 answers

Modsecurity Ignore/Whitelist IP

I have looked around on the net and have seen many common answers for this , however, none of them are working. I am trying to use this to ignore whenever our scans kick off in the morning. SecRule REMOTE_HOST "@ipmatch 99.123.33.87"…

configuration mod-security rules whitelist

asked Jan 15 '16 at 23:08

LUser

217
1
6
15

1

vote

1 answer

SecRuleEngine Off not working on a single domain in virtual host

I have modSecurity installed and working on a server with multiple hosts and I want to disable some rules for one host only. This is what is what I put in the virtual host file: SecRuleEngine On SecRuleRemoveById…

centos6 mod-security rules

asked Jan 07 '16 at 15:25

williamsdb

493
1
8
18

1

vote

1 answer

Apache 2: Limit Ressources

I'm running some web pages on apache 2.4. At the moment I can see a lot of connections like these on status-page: Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request 2-0 - 0/0/5 . 1297.48 944 2482371 0.0 0.00 0.26 …

apache-2.4 mod-security debian-jessie

asked Dec 19 '15 at 09:11

MyFault

913
3
15
36

1

vote

1 answer

modsecurity whitelisting certian types of cookies

I am seeing cookies being generated on our server which appear to be from 3rd party objects in the site and don't show themselves when one logs in or navigates through the site. The cookies are random but all start with Wm. So some of them might be…

cookies mod-security

asked Nov 20 '15 at 22:55

LUser

217
1
6
15

1

vote

0 answers

How install PHP 5.4, mod_security and mod_evasive together without conflict

I need create webserver with PHP 5.4, and install mod_security and mod_evasive. But when I try to join the php 5.4 and the mods on an EC2 server, it returns an error of conflict between the versions httpd. I followed the tutorial link trying to do…

amazon-ec2 httpd mod-security

asked Sep 01 '15 at 20:42

Tiago Souza

41
1
5

1

vote

1 answer

mod_security installation not creating /usr/share/modsecurity-crs/

I have a server running ubuntu 14 lamp I´ve installed mod_security: apt-get install libapache2-modsecurity then decided to uninstall using this command: sudo apt-get remove libapache2-modsecurity Then deleted manually (ftp) some files and folders…

ubuntu mod-security

asked Sep 01 '15 at 16:59

Frederico Lopes

13
2

1

vote

1 answer

security2_module for apache is causing the “Forbidden You don't have permission to access / on this server” message

I installed the security2 module to my apache server by adding these following lines to my httpd.conf: Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf Include…

apache-2.4 httpd mod-security

asked Jul 01 '15 at 23:30

VaTo

221
6
22

Questions tagged [mod-security]