Stack Overflow
Stack Overflow

Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

Useful links:

476 questions
0
votes
2 answers

ModSecurity Ratelimiting Login Failures

I am trying to build a rule to limit the number of xmlrpc.php authentication failures to 5 per minute. The ModSecurity rules I have so far are: SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR},id:690010 SecRule…
Santrix
  • 875
  • 8
  • 10
0
votes
1 answer

Daily access control with ModSecurity

I want to configure ModSecurity to limit the access to certain resources to a certain count each day. E.g: User "A" is allowed to download any file in a specific directory, but the total downloads must not exceed 5. I keep track of the user accesses…
Constantinius
  • 34,183
  • 8
  • 77
  • 85
0
votes
0 answers

Why does remote multipart form submission fail without attaching a file?

I'm experiencing an issue with an API call using POST and multipart/form-data. When a file is attached in the form, the call succeeds (200). When no file is attached (500), modsecurity throws this error: [:error] [pid 25114] [client ##REMOVED##]…
Tomanow
  • 7,247
  • 3
  • 24
  • 52
0
votes
1 answer

How to whitelist foreign characters in folder or file name with apache/mod_security?

I have some image files with foreign characters in their dir and file name, like Á or ü, and apache/mod_security is answering with Error 406 - Not acceptable when pointing a browser to those files. Is there a way to let the server show those files,…
Henry
  • 1,374
  • 2
  • 14
  • 24
0
votes
1 answer

MediaWiki call to api.php causes URL Encoding Abuse Attack Attempt

I am having unusual (for me) problem with MediaWiki & ModSecurity on Shared hosting. Apparently saving changes or browsing pages causes raise of alarm in ModSecurity module of Apache. After several such alarms user is cut off from server by Firewall…
user1422497
  • 1
  • 1
  • 2
0
votes
1 answer

How does Apache proxypass handle traffic?

When Apache Proxypass is configured, is traffic being forwarded from the host in the DMZ to the internal host, or is a new connection initiated between the DMZ to the internal host? Trying to determine if the proxy is forwarding traffic, or if a…
user3723206
  • 59
  • 6
0
votes
1 answer

mod_security prevents Apache from starting - no errors

I installed mod_security 2.8.0 on my Apache 2.4 installation. I copied the yajl.dll into my bin folder, the .so file into my modules, added the configuration as the readme suggested, but when I start Apache, it fails. But it only fails if I specify…
nickdnk
  • 4,010
  • 4
  • 24
  • 43
0
votes
1 answer

disable mod_security for a bridge.php script

I want to use a regex pattern to disable mod_security of Apache for 2 scripts: bridge.php and mobile-bridge.php. I think I can do it in a file named mod_security_whitelist.conf inside the configuration folder /etc/httpd/httpd/conf.d: [ Please…
radus
  • 3
  • 3
0
votes
2 answers

Is there any way to stop this htaccess redirect loop?

I can't figure out a way to stop this htaccess redirect from looping. Options +FollowSymLinks Options -Multiviews RewriteOptions MaxRedirects=1 RewriteEngine On RewriteRule ^pages/?$ page.php?p=g&id=1$1 [L,QSA] RewriteCond %{QUERY_STRING} …
Eddie
  • 337
  • 3
  • 17
0
votes
1 answer

Hiding Directory in URL with htaccess is not working

I have website1.com setup so that when users visit website1.com they get redirected via a meta tag in an index.html to website1.com/directory Then they use the website and go to links such as website1.com/directory/index.html or what ever. I am…
user3399760
  • 27
  • 1
  • 7
0
votes
1 answer

.htaccess tricks to mess with unwanted visitors

Looking at my server error logs, I see a lot of attempts from IP addresses in China, Thailand, and whatnot trying to access non-existent directories called "manager", "phpmyadmin", "admin", anything in cgi-bin, and the like. There are a couple odd…
Anachronist
  • 1,032
  • 12
  • 16
0
votes
0 answers

How to safely send PHP through POST (and work on shared server)

This is a continuation of a tumbleweed question: Getting Forbidden error when saving pages with PHP The host my client uses seems to use something to check/block potentially malicious scripts from being saved to the server. When I try to save a file…
Casey Dwayne
  • 2,142
  • 1
  • 17
  • 32
0
votes
1 answer

Writing a mod security rule to block access to a PHP file

I wish to block access to any file with name "modules.php" in any website. I have written a Rule in mod security but I'm not sure if it is working or not? here is the rule SecRule REQUEST_LINE "@rx modules.php"…
Pourya.M
  • 73
  • 1
  • 1
  • 6
0
votes
0 answers

nginx and modsecurity custom rules not applied

I have compiled nginx latest stable 1.4.3 with modsecurity latest-stable 2.7.5 but while it works i cant get it to recognize my custom rules.I am using the owasp crs 2.2.8(Using the base rules only and Collaborative Detection Blocking). I am…
user1620572
  • 1
  • 2
0
votes
2 answers

specify a floating point range using regular expression

I need an regular expression to check whether a particular argument is in a floating point range.For ex i want the Param only in the range 0.01 to 999.9 . I have configured the below rule ,but it fails to work . SecRule ARGS:Param "![0.01-999.9]"…
Santhosh Pai
  • 2,535
  • 8
  • 28
  • 49
1 2 3
31 32