Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.


As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.


476 questions
0 votes, 2 answers

Not Acceptable?

My site is running but I could not log in to admin dashboard, got this error Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security. After googling I…
gp el
0 votes, 1 answer

Modsecurity: removeWhitespace not working

I have the following rule: SecRule REQUEST_HEADERS:Client-IP "@ipMatchFromFile test.txt" "id:210487,t:none,t:urlDecodeUni,t:removeWhitespace,drop,msg:'IP-test'" But when I run it I get the response: T (0) urlDecodeUni: "111.22.33.44 " // note the…
Marcus
0 votes, 0 answers

How can I integrate Mod Security Rule Check in my custom java application

I am writing a java application which gets the http logs in json format string from servers like tomcat. I want to check those http request/response pairs against mod-security rules for auditing-purposes. I went through this link -…
Pankaj Goyal
0 votes, 1 answer

ModSecurity: Execution phases can only be specified by chain starter rules

In modsecurity default-script: base_rules/modsecurity_crs_20_protocol_violations.conf there is a rule, 960011: SecRule REQUEST_METHOD "^(?:GET|HEAD)$" \ "msg:'GET or HEAD Request with Body Content.',\ severity:'2',\ id:'960011',\ …
Rop
0 votes, 2 answers

modsecurity 2 -- disable logging for specific rule ids?

In mod-security2, I want to disable logging for some specific rule-ids (the most frequent false positives from default rules). I want to keep the rules active for anomaly-scoring, but just turn off logging for some. How do I do that?
Rop
0 votes, 1 answer

Read stream of json log objects using c#

I'm using ModSecurity and my Audit Log logs stream of json objects like the ones below: {"transaction":{"time":"28/Mar/2017:15:39:04…
Ogglas
0 votes, 1 answer

Can't validate ARG in chain rule

I'm trying to evaluate and block GET/POST requests that don't have a given ARG for a certain URIs. The following rule doesn't validate the "!@eq 1" line (REQUEST_URI and REQUEST_HEADERS work as expected when tested individually) SecRule REQUEST_URI…
Daniel Vukasovich
0 votes, 1 answer

Blocking duplicate http request using mod security

I am using mod security to look for specific values in post parameters and blocking the request if duplicate comes in. I am using mod security user collection to do just that. The problem is that my requests are long running so a single request can…
0 votes, 1 answer

ModSecurity rules - How to block most countries bar chosen few

At the moment we have a rule that blocks one country (testing purposes only). Ideally we would like to allow only three countries (Ireland, England, Wales, Scotland) to be able to access the domain. So we are using this: # Test IP address and block…
kPieczonka
0 votes, 1 answer

OWASP CRS 3.0 paranoia level ignored in custom ruleset

I'm working on using the new CoreRuleSet 3.0 from OWASP and encountering a situation where the paranoia level is being ignored and all rules in a file run. In the CRS-SETUP config file there is a block setting a paranoia level: SecAction \ …
brainbuz
0 votes, 0 answers

mod_security log reports missing User-Agent and blocks Ajax Request 403, but User-Agent is present

From Log I am getting Error: ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [tag…
0 votes, 1 answer

Filenames with single quotes are giving internal 500 error while uploading images or files in to production

While uploading images or files with single quotes throwing 500 internal server error in our production, but in our localhost and QA instance the same code is working fine. We have seen the log file (ssl_error_log) and found the below error [Fri…
Shaik Matheen
0 votes, 1 answer

ModSecurity blocking Openmanager plugin on TinyMCE in a Codeigniter environment

I have a website hosted on Hostgator Cloud (running Linux Cent OS if that matters) and it's built using Codeigniter. I'm using the TinyMCE text-editor with Openmanager plugin for uploading images. My installation directory structure looks something…
Gaurav Ojha
0 votes, 2 answers

how to warn instead of block invalid quoting in modsecurity

I've got an issue with modsecurity and I'm wondering if anyone can help. I'm running into an issue with uploading files to my application, anytime the file in question has a quote in the filename. Eventually I will do client side validation which will…
denartha
0 votes, 1 answer

How can I block or redirect traffic referred to my site by another site?

I have a domain that is being sent traffic from another domain with a similar name by a scammer who is trying to look legitimate. (the scammer is masquerading as my legitimate client) How can I block or redirect traffic referred to my site by…
Sean Kimball