Topic: mod_security not working?
dio



Joined: 02 Jun 2007
Posts: 5

Posted: Mon 04 Jun '07 11:50    Post subject: mod_security not working?

Hi,

I have installed Apache 2.2.4 and mod_security binaries from your site and used rules from www.gotroot.com. Apache starts ok, but even though I run a known PHP shell it does not get filtered out (the rule for this exists though).

I put the rules into modules/mod_security2 and added this string at the end of the main httpd.conf file:

Include conf/extra/httpd-modsecurity.conf

error.log shows:
[date] [notice] ModSecurity for Apache 2.1.1 configured


How can I check if the module is working?

Thanks!
deathcon4



Joined: 20 Mar 2006
Posts: 2

Posted: Sun 10 Jun '07 18:45    Post subject: Cannot Load a module

I'm having the same problem. Apache says that it cannot load the module and can't find the path.

If you know how to resolve this problem, please post it.

Thanks
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

Posted: Mon 11 Jun '07 19:37

dio,

conf/extra/httpd-modsecurity.conf is not a file which comes with Apache 2.2.4 or with mod_security from Apache Lounge.
Is this a file you created yourself? If so, make sure that it Includes all of the .conf files which you downloaded from gotroot.com.

Also check that you downloaded the correct set of rules: Apache 2.x rules for modsec 2.x.

To make sure that mod_security is running, find a rule in one of the downloaded .conf files and try that URL
- for example, to test this rule in jitp.conf:
Code:
# WEB-CGI websendmail access
SecRule REQUEST_URI "/websendmail"
try to request http://localhost/websendmail. This request should fail and also create a ModSecurity entry in your Apache error.log file.

Another way to check is to enable mod_info:
    * in httpd.conf, un-comment the line: LoadModule info_module modules/mod_info.so
    * also un-comment the line: LoadModule status_module modules/mod_status.so
    * also un-comment the line: Include conf/extra/httpd-info.conf
    * in extra\httpd-info.conf: set your domain or IP address instead of .example.com
then use http://localhost/server-info to see your loaded modules. The section for mod_security2.c should show many SecRule entries (about 10,000 of them).

I found I needed to change some of the rules in the gotroot.com rules.conf file because it transforms Apache variables to lowercase.
This appears to be a gotroot.com bug:
Quote:
#Enforce proper HTTP requests
SecRule REQUEST_PROTOCOL "!^http/(0\.9|1\.0|1\.1)$" "id:340000,severity:1,msg:'Bad HTTP Protocol'"

#deny TRACE method
SecRule REQUEST_METHOD "trace" "id:340007,rev:1,severity:2,msg:'TRACE method denied'"


If you also use the default mod_security rules (i.e. the .conf files which come with the Apache Lounge mod_security download), you will probably want to omit the file modsecurity_crs_50_outbound.conf, and change the following line in modsecurity_crs_10_config.conf to allow larger responses - else mod_info won't be able to show you all your rules:
Quote:
SecResponseBodyLimit 1524288


deathcon4,

re:"I'm having the same problem. The Apache says that cannot load the module"
That doesn't sound like the same problem that dio has. It certainly isn't enough information to give a useful answer.

-tom-
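
Why the case of a rule's literal matters once variables are lowercased before matching, as described in the post above. This is an added example, not part of the thread or of the gotroot.com rules: a simplified Python model of a SecRule regex test, in which the uppercase rule variants, the sample requests and all function names are constructed for comparison.

```python
import re

def rule_matches(pattern, value, lowercase=True):
    """Simplified model of one SecRule: optionally lowercase the variable,
    then run an unanchored regex test. A leading "!" negates the result,
    as in the REQUEST_PROTOCOL rule quoted in the post."""
    if lowercase:
        value = value.lower()
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    hit = re.search(pattern, value) is not None
    return hit != negate

# The two rules exactly as quoted in the post (lowercase literals).
QUOTED = {
    340000: ("REQUEST_PROTOCOL", r"!^http/(0\.9|1\.0|1\.1)$"),
    340007: ("REQUEST_METHOD", r"trace"),
}
# Constructed for comparison only: the same rules with uppercase literals.
UPPERCASE = {
    340000: ("REQUEST_PROTOCOL", r"!^HTTP/(0\.9|1\.0|1\.1)$"),
    340007: ("REQUEST_METHOD", r"TRACE"),
}

def triggered(rules, request, lowercase=True):
    """Return the sorted ids of the rules that fire for a request."""
    return sorted(rid for rid, (var, pat) in rules.items()
                  if rule_matches(pat, request[var], lowercase))

# Constructed sample requests (values as they arrive on the wire).
NORMAL = {"REQUEST_METHOD": "GET", "REQUEST_PROTOCOL": "HTTP/1.1"}
TRACE = {"REQUEST_METHOD": "TRACE", "REQUEST_PROTOCOL": "HTTP/1.1"}
BAD_PROTO = {"REQUEST_METHOD": "GET", "REQUEST_PROTOCOL": "HTTP/9.9"}

if __name__ == "__main__":
    samples = (("normal", NORMAL), ("trace", TRACE), ("bad-proto", BAD_PROTO))
    for label, rules in (("quoted", QUOTED), ("uppercase", UPPERCASE)):
        for name, req in samples:
            print(f"{label:9} {name:9} -> rules hit: {triggered(rules, req)}")
```

With lowercasing on, the uppercase variants fail in both directions: the negated protocol rule fires on every request, and the TRACE rule never fires.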