logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Problem: XAMPP (windows) & ModSecurity Install

 
Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules



View previous topic :: View next topic  
Author Message
subject_delta



Joined: 07 Jun 2015
Posts: 4

PostPosted: Sun 07 Jun '15 11:01    Post subject: Problem: XAMPP (windows) & ModSecurity Install Reply with quote

Hello,

I would like some help to install modsecurity in XAMMP on windows 7. I have followed the steps specified in README file but this doesn't work. Confused

I still have a generic error :

10:40:38 [Apache] Error: Apache shutdown unexpectedly.
10:40:38 [Apache] This may be due to a blocked port, missing dependencies,
10:40:38 [Apache] improper privileges, a crash, or a shutdown by another method.
10:40:38 [Apache] Press the Logs button to view error logs and check
10:40:38 [Apache] the Windows Event Viewer for more clues
10:40:38 [Apache] If you need more help, copy and post this
10:40:38 [Apache] entire log window on the forums

Below the informations of my environment :
-Windows 7
-modsecurity 2.8.0
XAMPP :
-apache 2.4.12
-php 5.6.8


Do you see from where could come the problem ?

Thanks Smile
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2581
Location: Hilversum, NL, EU

PostPosted: Sun 07 Jun '15 11:07    Post subject: Reply with quote

Where did you downloaded, which version and VC11 ?

Any clue in the Apache error.log or windows event viewer ?
Back to top
subject_delta



Joined: 07 Jun 2015
Posts: 4

PostPosted: Sun 07 Jun '15 16:01    Post subject: Reply with quote

After your reply I have realized that there is a README file in the modules folder that I downloaded here (I have only followed the steps specified in the modules/modesecurity/README file)... Confused I had to install CV11.

Furthermore, I probably had a problem about win32/win64. Indeed, XAMPP was install for win32 but I downloaded modules for win64.

Whatever, now modsecurity works fine when I try your "very quick start" example. Thanks Very Happy

I try to use modsecurity.conf-recommended as configuration file :

Code:
<IfModule security2_module>
#
# OWASP ModSecurity Core Rule Set Project
Include conf/modsecurity.conf
#Include conf/modsecurity-crs/modsecurity_crs_10_setup.conf
#Include conf/modsecurity-crs/base_rules/*.conf
#Include conf/modsecurity-crs/optional_rules/*.conf
#
</IfModule>


But there is a generic apache error :

Code:
15:49:43  [Apache]    Error: Apache shutdown unexpectedly.
15:49:43  [Apache]    This may be due to a blocked port, missing dependencies,
15:49:43  [Apache]    improper privileges, a crash, or a shutdown by another method.
15:49:43  [Apache]    Press the Logs button to view error logs and check
15:49:43  [Apache]    the Windows Event Viewer for more clues
15:49:43  [Apache]    If you need more help, copy and post this
15:49:43  [Apache]    entire log window on the forums


Info : I have changed some file/folder path in modsecurity.conf

Do you know a solution ? Question
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2581
Location: Hilversum, NL, EU

PostPosted: Sun 07 Jun '15 16:12    Post subject: Reply with quote

So the "very quick start" works, but as soon as you Include conf/modsecurity.conf it gives a error.

Is modsecurity.conf in you apache/conf folder ?

Look in in the Apache error.log or windows event viewer for errors !
Back to top
subject_delta



Joined: 07 Jun 2015
Posts: 4

PostPosted: Sun 07 Jun '15 16:23    Post subject: Reply with quote

So the "very quick start" works, but as soon as you Include conf/modsecurity.conf it gives a error. --> Yes

Is modsecurity.conf in you apache/conf folder ? --> Yes

And where did you get it from ? --> from modules-2.4-win32-VC11\mod_security-2.8.0\mod_security\modsecurity.conf-recommended

I look the Apache error.log from the beginning but there is no significant information:

Code:
[Sun Jun 07 16:21:25.165472 2015] [ssl:warn] [pid 5236:tid 252] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 16:21:25.999520 2015] [:notice] [pid 5236:tid 252] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
[Sun Jun 07 16:21:25.999520 2015] [:notice] [pid 5236:tid 252] ModSecurity: APR compiled version="1.5.0"; loaded version="1.5.1"
[Sun Jun 07 16:21:25.999520 2015] [:warn] [pid 5236:tid 252] ModSecurity: Loaded APR do not match with compiled!
[Sun Jun 07 16:21:25.999520 2015] [:notice] [pid 5236:tid 252] ModSecurity: PCRE compiled version="8.34 "; loaded version="8.36 2014-09-26"
[Sun Jun 07 16:21:25.999520 2015] [:warn] [pid 5236:tid 252] ModSecurity: Loaded PCRE do not match with compiled!
[Sun Jun 07 16:21:25.999520 2015] [:notice] [pid 5236:tid 252] ModSecurity: LUA compiled version="Lua 5.1"
[Sun Jun 07 16:21:25.999520 2015] [:notice] [pid 5236:tid 252] ModSecurity: LIBXML compiled version="2.9.1"
[Sun Jun 07 16:21:26.095525 2015] [core:warn] [pid 5236:tid 252] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Sun Jun 07 16:21:26.363540 2015] [ssl:warn] [pid 5236:tid 252] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 16:21:27.056580 2015] [mpm_winnt:notice] [pid 5236:tid 252] AH00455: Apache/2.4.12 (Win32) OpenSSL/1.0.1l PHP/5.6.8 configured -- resuming normal operations
[Sun Jun 07 16:21:27.056580 2015] [mpm_winnt:notice] [pid 5236:tid 252] AH00456: Apache Lounge VC11 Server built: Jan 28 2015 16:48:40
[Sun Jun 07 16:21:27.056580 2015] [core:notice] [pid 5236:tid 252] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Sun Jun 07 16:21:27.059580 2015] [mpm_winnt:notice] [pid 5236:tid 252] AH00418: Parent: Created child process 5472
[Sun Jun 07 16:21:28.336653 2015] [ssl:warn] [pid 5472:tid 264] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 16:21:28.999691 2015] [:notice] [pid 5472:tid 264] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
[Sun Jun 07 16:21:28.999691 2015] [:notice] [pid 5472:tid 264] ModSecurity: APR compiled version="1.5.0"; loaded version="1.5.1"
[Sun Jun 07 16:21:28.999691 2015] [:warn] [pid 5472:tid 264] ModSecurity: Loaded APR do not match with compiled!
[Sun Jun 07 16:21:28.999691 2015] [:notice] [pid 5472:tid 264] ModSecurity: PCRE compiled version="8.34 "; loaded version="8.36 2014-09-26"
[Sun Jun 07 16:21:28.999691 2015] [:warn] [pid 5472:tid 264] ModSecurity: Loaded PCRE do not match with compiled!
[Sun Jun 07 16:21:28.999691 2015] [:notice] [pid 5472:tid 264] ModSecurity: LUA compiled version="Lua 5.1"
[Sun Jun 07 16:21:28.999691 2015] [:notice] [pid 5472:tid 264] ModSecurity: LIBXML compiled version="2.9.1"
[Sun Jun 07 16:21:29.411715 2015] [ssl:warn] [pid 5472:tid 264] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 16:21:30.052751 2015] [mpm_winnt:notice] [pid 5472:tid 264] AH00354: Child: Starting 150 worker threads.


I uncomment all .conf directives one by one and I have a problem with:

Code:
SecUnicodeMapFile unicode.mapping 20127


Last edited by subject_delta on Sun 07 Jun '15 17:24; edited 1 time in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2581
Location: Hilversum, NL, EU

PostPosted: Sun 07 Jun '15 17:09    Post subject: Reply with quote

And in the windows event viewer ?

The log looks good, no error.

Is this the log when it was given the error ?

I do not know what SecUnicodeMapFile does, and if it needs extra configuration.



About rules you better ask at the mod_security list !
Back to top
subject_delta



Joined: 07 Jun 2015
Posts: 4

PostPosted: Sun 07 Jun '15 17:22    Post subject: Reply with quote

I see nothing about Apache in the windows event viewer but I think I am looking for at the wrong place.

Anyway, ModSecurity with CRS configuration works now. Smile

There is always the SecUnicodeMapFile error but as you say there is a modsecurity documentation and community for that.

Thank for your help (and your quick answers) ! Very Happy
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2581
Location: Hilversum, NL, EU

PostPosted: Sun 07 Jun '15 19:04    Post subject: Reply with quote

From the docu:

SecUnicodeMapFile

Description: Defines the path to the file that will be used by the urlDecodeUni transformation function to map Unicode code points during normalization and specifies the Code Point to use.

Syntax: SecUnicodeMapFile /path/to/unicode.mapping CODEPOINT

Example Usage: SecUnicodeMapFile unicode.mapping 20127



So you need a file.

See also for the latest setup en rules: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/INSTALL
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules
Page 1 of 1