Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Help! Getting Started w/ Mod Security |
|
| Author |
|
flyingmonkey
Joined: 01 Aug 2007
Posts: 15
|
 Posted: Thu 09 Aug '07 1:38 Post subject: Help! Getting Started w/ Mod Security |
 |
|
I've added the following to the end of my httpd.conf, but I am not sure if it's in the right place. Is this the right place?
Also, it's not writing to the logs/mod_security2.log file (as copied from the mod_security download from here), but is writing issues to the error.log, modsec_audit.log, and the modsec_debug.log. I've placed the core mod_security rules into the conf/modsecurity2/ folder. Any ideas?
Thanks!
| Code: |
<IfModule security2_module>
SecRuleEngine On
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace
SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log
## -- General rules --------------------
SecRule ARGS "c:/" t:normalisePathWin
SecRule ARGS "\.\./" t:normalisePathWin
SecRule ARGS "d:/" t:normalisePathWin
## -- phpBB attack --------------------
SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"
# Load Core ModSecurity Rules
Include conf/modsecurity2/*.conf
</IfModule> |
|
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3059
Location: Hilversum, NL, EU
|
| Posted: Thu 09 Aug '07 19:06 Post subject: |
|
|
Give us a few lines from your logs, so we see whats going on ?
To use the complete core mod_security rules makes mostly no sense. special the rules for application you not use. It's overhead and can give false positives.
Best is, pick only the genral rules and rules specific for the applications you are running. For example when you do not use SQL then it makes no sense to use SQL rules.
Steffen |
|
| Back to top |
|
flyingmonkey
Joined: 01 Aug 2007
Posts: 15
|
| Posted: Mon 13 Aug '07 20:52 Post subject: |
|
|
It's a minor issue, but the issue is that the mod_security2.log is empty and the errors are written to the error.log even though the following line is included:
| Code: |
SecAuditLog logs/mod_security2.log
|
Sorry, I am new to Apache.[/code] |
|
| Back to top |
|
|
|
|
|
|
