Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: mod_security help for newbie on windowsxp |
Page Previous 1, 2 |
| Author |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
 Posted: Tue 09 Jun '09 19:58 Post subject: |
 |
|
actually .. that was part two .. but for the core rules .. see my second post.
Replace the one Include conf/modsecurity.conf with the line from that post about core rules. |
|
| Back to top |
|
mewbie
Joined: 23 May 2009
Posts: 25
|
| Posted: Fri 12 Jun '09 5:19 Post subject: |
|
|
oh, lol  I had been waiting for part 2 glsmith keke. Thank you.
1.) Little confused:
| Quote: | | Replace the one Include conf/modsecurity.conf with the line from that post about core rules. |
OK I have this on my httpd.conf now:
Include conf/modsecurity.conf
Include conf/core/*.conf
But you said to replace that line. So should I only have 2nd line?
2.) After adding the 2nd line, only when I restart apache, all looks good, but I have this error in error.log:
[error] SecServerSignature: original signature too short. Please set ServerTokens to Full.
3.) What do I do with all those other files in the directory 'tools' included in the mod_security-2.5.9-win32.zip?
Thank you again for your time and patience glsmith ! I'm looking forward to resolving this 
PS. fyi and maybe make your life easier I posted the steps here:
http://www.apachefriends.org/f/viewtopic.php?f=16&t=35635&p=143991#p143991 |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 12 Jun '09 9:43 Post subject: |
|
|
| Quote: | | But you said to replace that line. So should I only have 2nd line? |
Correct
| Quote: | | [error] SecServerSignature: original signature too short. Please set ServerTokens to Full. |
Either;
A. Get into the core file #10 and comment out the SecServerSignature line ... or
B. In httpd.conf ... uncomment the Include conf/extra/httpd-default.conf
By default I believe that Tokens are set to Full in that file.
| Quote: | | What do I do with all those other files in the directory 'tools' included in the mod_security-2.5.9-win32.zip? |
Well looking at the Apache Lounge zip file .. there are none .. there is a .in file but it only makes the tools when compiled under *nix AFIAK |
|
| Back to top |
|
mewbie
Joined: 23 May 2009
Posts: 25
|
| Posted: Sat 13 Jun '09 8:10 Post subject: |
|
|
glsmith you are a dear Thank you for taking this to the end.
| Quote: | | Get into the core file #10 and comment out the SecServerSignature line |
Ahh yes as under the 10 security steps I did I had set ServerTokens to Prod. Makes sense now
Re the zip `rules-updater.pl.in and example', OK I'll just ignore those. 
Thank you once again!
If you don't mind me asking:
What would be your recommendations for me to set this up on a Linux/Debian 5.0.1 /Lenny to which I am also a mewbie ?:
aptitude install mod_security
apt-get install mod_security
or just `wget'.. and take it from there
apache on my nix box is soooo much different.. the httpd.conf is 0bytes, doesn't seem to be a file it needs to use and there are many conf files it does use. |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 702
|
| Posted: Sat 13 Jun '09 11:57 Post subject: |
|
|
Hi newbie,
When I read your posts, it looks like you are not that newbie. Advise is that you more try out things first by yourself, then in a no-time you all full seasoned and can help others. In fact most is in the documentation/manuals.
Steffen |
|
| Back to top |
|
mewbie
Joined: 23 May 2009
Posts: 25
|
| Posted: Sat 13 Jun '09 12:09 Post subject: |
|
|
Steffen: that made my day LOL, really?!.. OK if you say so I am trying ever so hard to soak all this in and would love to be able to help others.. thus posting my results for xampp users.
Its just been exhausting 2 months of learning, reading, searching, trying, errors, posting, whoring around irc haha trying to solve things. Its like now I don't even want to install one more thing for fear I get errors and yet more stuff to solve.. I have no life now
Like that AjaxTerm.. spent days and days on it, first I tried to setup shellinbox for over 10 hours straight.. then read AjaxTerm better, easier etc.. until now.. sooo many hours of reading, trying and still not work.. its hard to not get fed up and just chuck it all. And to not feel like a total mewbie when this seems so simple to others 
Its never ending... |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 702
|
| Posted: Sat 13 Jun '09 12:18 Post subject: |
|
|
Understand, I said it looks like.
Steffen |
|
| Back to top |
|
|
|
|
|
|
