Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

476 questions
0
votes
1 answer

ModSecurity: Ignore Array ARGS

I want an exclusion rule for a request to be evaluated at runtime. The body of the request is an array. e.g ["somestring", "someRandomString",....] This is the rule I have written: SecRule REQUEST_URI "@beginsWith /my/url"…
Syed Osama Maruf
  • 1,895
  • 2
  • 20
  • 37
0
votes
1 answer

How to limit this modsecurity rule to one file?

I have this rule below, and I'd like to limit it to only wp-login.php files. Is it possible? SecRule REQUEST_HEADERS:User-Agent "@contains python-requests" "id:1000000,t:none,t:lowercase,deny,nolog,msg:'BAD BOT - Detected and Blocked. '"
0
votes
1 answer

How do I configure the ModSecurity engine to be ON for a single attack type and DetectionOnly for all others?

I need to gradually implement ModSecurity. It must be configured to only block attacks by a single attack type (e.g. SQLi), but log all other attacks from the other attack types. For ease of upgrading the owasp rules, it is recommended to avoid…
Jeff Martin
  • 125
  • 3
0
votes
1 answer

How to Harden Apache against security vulnerabilities

We have an Apache 2.4.6 version installed on RHEL 7.5 in production. The security audit team found a few vulnerabilities lately which need to be fixed. 1.) During audit, it is observed that connect web server is vulnerable to Slowloris…
0
votes
2 answers

ModSecurity SecRule RESPONSE_BODY doesn't work

I have Ubuntu 18.10 with apache2, libapache2-mod-security2, modsecurity-crs packages with their default configuration except for enabling ModSecurity debug logging and copying modsecurity.conf-recommended and adding SecRuleEngine On. I added a new…
Riki137
  • 2,076
  • 2
  • 23
  • 26
0
votes
1 answer

admin-ajax.php returning 404 status code sporadically

I have a new Wordpress site on a shared hosting environment that is not allowing me to save changes that I'm making in the theme customization panel. When I try to save, it pops up a window saying, "Looks like something’s gone wrong. Wait a couple…
PapaHotelPapa
  • 687
  • 5
  • 19
0
votes
0 answers

This site can't be reached if more than 10 users login in the system

I am working on a small project where the users can log in using their own login details. Each user has a different username and password. I have a webpage which is on CodeIgniter. I am using below code for user login. Controller public function…
questionbank
  • 440
  • 8
  • 25
0
votes
1 answer

mod_security rule 981172 false positive

The mod_security configuration in Apache, on the CWP7.admin, generates a 403 access denied error when running Grav CMS: [Thu Mar 21 15:40:47.967502 2019] [:error] [pid 21727:tid 140715786946304] [client 186.67.206.59:57900] [client 186.67.206.59]…
ganar
  • 627
  • 8
  • 17
0
votes
1 answer

Centos7 Nginx mod_security - unknown directive "ModSecurityEnabled"

Installed nginx / nginx-module-security / libmodsecurity by yum. Found at: /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so nginx.conf: user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid…
Alex
  • 1
  • 1
0
votes
1 answer

mod_security: Block only if a client causes more than 10 error messages

I am currently trying to create a list of whitelists in modsecurity for my application. To reduce false positives I thought about something like this: If a user causes more than 10 error messages (mod security messages) it will be blocked then. Is…
hukachaka
  • 63
  • 1
  • 6
0
votes
1 answer

Mod_security turn off rule based on post data

Is it possible to remove a specific security based on post data? For example, if post data contain username='someone' then turn off rule 95004: SecRuleRemoveById 950004 I already have SecRequestBodyAccess turned on
Cayenne
  • 94
  • 9
0
votes
1 answer

Is there a way to block user from accessing all site, not only wp-login.php

I'm using code from this article, worked perfect, but I want to block access for entire site, not only for one page, is there any available method? Using Ubuntu, php7, mod-security2. Code: # Setup brute force…
Nikita TSB
  • 440
  • 4
  • 11
0
votes
0 answers

Nginx server crashing unexpectedly

My nginx server in aws seems to crash with the following messages, 2019/01/14 12:37:25 [notice] 18928#0: ModSecurity-nginx v1.0.0 2019/01/14 12:37:25 [notice] 18928#0: signal process started 2019/01/14 12:37:25 [notice] 1415#0: signal 15 (SIGTERM)…
Vishnuraj V
  • 2,819
  • 3
  • 19
  • 23
0
votes
1 answer

ModSecurity: Access denied with code 403 (phase 2). When using "multipart/form-data"

I am trying to upload image to web server. And receive Error:403. So I check the Apache log, I have this error in log: ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file…
0
votes
2 answers

uploading multiple pictures causing 500 error

I modified a script I found on here to process multiple pictures being uploaded at once. However when I try to run the script it throws an error. I used to have the script only allow one picture upload at a time and that worked fine without any…
henex
  • 1
  • 2