Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

476 questions
0 votes, 1 answer

Mod_Security / Haproxy / Web servers (IIS)

I have haproxy as a load balancer in front of my web servers (IIS), that works well. Now I want to have mod_security configured with apache for request filtering and then pass the request to haproxy for load balancing. I have already installed…
S M Azam
0 votes, 1 answer

How long do you fine tune false positives with mod_security and OWASP rules?

I just started using owasp rules and got tons of false positives. Example someone in the description field has written: "we are going to select some users tomorrow for our job platform." This is detected as sql injection attack (id 950007). Well it…
darpet
0 votes, 1 answer

WordPress doesn't work after enabling mod_security

I have a VPS on which cPanel/WHM is installed. I just enabled a few rules provided by default by the cPanel team OWASP rule set. When I enable these rules my server does not even accept new media files in WordPress as well. Additionally, if someone…
0 votes, 2 answers

Symfony framework install 406 Not Acceptable Error w/CPanel & WHM

So I am trying to get Symfony working on my server by following these install instructions. http://symfony.com/doc/current/book/installation.html#book-installation-permissions I got to the part where I ran this command in console in the directory…
Joseph Astrahan
0 votes, 1 answer

Request hitting varnish and getting served and not checking mod_security rule?

I have a reverse proxy server on which mod_security is configured to be used as a web application firewall and varnish is for cache. I have blocked a country, but the request hits Varnish and gets served. The setup is like below: Request > Varnish[80]…
acekapila
0 votes, 1 answer

ModSecurity - tx variables in CRS

I would like to apply ModSecurity CRS in my project. However, I have a few questions related to this. Can anybody explain why the rule: SecRule REQUEST_FILENAME "@pm nessustest appscan_fingerprint" \ …
user3489820
0 votes, 1 answer

ModSecurity whitelist http methods global

Is there a possibility to create a whitelisting rule for whitelisting all GET requests in phase 1? My custom_rule file is working - I've tested various rules before, but I really don't know how to disable all rules for GET requests. Something…
Creapos
0 votes, 1 answer

mod-security causes segmentation fault

I was trying to remove a rule (numeric ip in host header) for machines on my local network: SecRule REMOTE_ADDR "@ipMatch 192.168.178.0/24" \ "id:5,phase:1,t:none,nolog,pass,ctl:ruleRemoveTargetById=981203" The rule is defined here: [file…
wkarl
0 votes, 2 answers

How to get last X records of the modsec_audit.log file?

I need to get the last X records of the modsec_audit.log file in bash and write it out to a new file. I know this is possible with tail and sed, but this possibly cuts out at a certain line and causes half of a message to be left in the…
user5330815
0 votes, 0 answers

Saving multiple URLs in PHP textarea causing XSS false positive

I have tried everything. I use my own php function sanitizeString() to get rid of characters and sanitize input strings to our liking. It has mysqli_real_escape_string, preg_replace, str_replace and htmlspecialcharacters. I call this function around…
0 votes, 1 answer

ModSecurity - audit log entries while nolog set at SecRule

I'm looking for some help on a problem encountered with a modsecurity configuration. We recently discovered that our modsecurity configuration didn't behave as we thought, specifically the modsecurity audit logs are generated for all calls, while…
Olivier
0 votes, 1 answer

Using Regular Expression in updating an argument in Mod Security Core Ruleset OWASP

I just ran into a problem with rule 981173 [msg "Restricted SQL Character Anomaly Detection Alert - Total] for sending some YouTube IDs to the database. Some IDs have special characters like -, which I guess is the reason a warning was raised. I have…
RedGiant
0 votes, 1 answer

How can I modify a pattern in Modsecurity Core Rule Set

Is there any way to update the pattern of a rule in a modsecurity_crs_custom.conf file? I have a rich text editor that let people wrap up link text. The is raising a warning from rule 973304. I want to exclude href from the pattern but…
RedGiant
0 votes, 1 answer

Updating an argument of a ModSecurity Core Rule

I have a big form that probably needs to send 1000 POST DATA arguments at most. Sometimes it triggers a false alarm from rule 960335 of the OWASP Core ruleset. I looked into that rule in modsecurity_crs_23_request_limits.conf but I can't figure…
RedGiant
0 votes, 2 answers

"ModSecurity Access Denied" in logs. I don't understand what it's telling me. Should I be concerned?

I am seeing the following three things in my logs about access being denied. Two of them have security as critical. I don't really understand any of what they mean and after googling around a bit, still am unsure if I should be concerned or do…
user2662692