Topic: mod_security2 2.9.2 vc11

sharath
Posted: Thu 23 Aug '18 11:31    Post subject: mod_security2 2.9.2 vc11

Hello,

I would like some help. I have installed mod_security2 in XAMPP on Windows 7 64-bit. I have followed the steps specified in the README file but this doesn't work.

I followed all the steps in readme_first file.

Below is the information about my environment:
-Windows 7 64bit
-mod_security2-2.9.2-2.4.x-x64-vc11
XAMPP :
-apache 2.4.9

I have downloaded:
1. VC from https://www.microsoft.com/en-us/download/details.aspx?id=30679
2. mod_security2 from https://www.apachehaus.com/cgi-bin/download.plx

1. Copied mod_security2.so to my local C:\xampp\apache\modules\ from the mod_security2-2.9.2-2.4.x-x64-vc11 (../apache24/modules/mod_security2.so)
2. Copied libcurl.dll and yajl.dll to my local C:\xampp\apache\bin folder from the mod_security2-2.9.2-2.4.x-x64-vc11
(.../apache24/bin/libcurl.dll)
(.../apache24/bin/yajl.dll)
3. Copied the modsecurity.conf-recommended configuration file to local Apache 2.4.x conf/extra folder from .../apache24/conf/extra/modsecurity.conf-recommended

4. Add the below lines of code to httpd.conf (C:\xampp\apache\conf\httpd.conf)

LoadModule security2_module modules/mod_security2.so
Include conf/extra/modsecurity.conf-recommended

SecRuleEngine DetectionOnly
SecRuleEngine On
SecRule ARGS, "hack" phase:1,log,deny,status:503,id:1

Even after doing all this exactly as in the readme_first file, I am getting the below error. I tried all possible ways to solve it, but I was not able to solve the issue.

Here is the error I got:

11:39:06 AM [Apache] Error: Apache shutdown unexpectedly.
11:39:06 AM [Apache] This may be due to a blocked port, missing dependencies,
11:39:06 AM [Apache] improper privileges, a crash, or a shutdown by another method.
11:39:06 AM [Apache] Press the Logs button to view error logs and check
11:39:06 AM [Apache] the Windows Event Viewer for more clues
11:39:06 AM [Apache] If you need more help, copy and post this
11:39:06 AM [Apache] entire log window on the forums

Apache error.log file:

Apache server shutdown initiated...
sl:warn] [pid 6608:tid 312] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 10:52:13.115588 2018] [ssl:warn] [pid 6608:tid 312] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 10:52:13.184595 2018] [mpm_winnt:notice] [pid 6608:tid 312] AH00354: Child: Starting 150 worker threads.
[Thu Aug 23 10:52:18.864163 2018] [mpm_winnt:notice] [pid 11288:tid 300] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Thu Aug 23 10:52:20.866363 2018] [mpm_winnt:notice] [pid 6608:tid 312] AH00364: Child: All worker threads have exited.
[Thu Aug 23 10:52:20.894366 2018] [mpm_winnt:notice] [pid 11288:tid 300] AH00430: Parent: Child process 6608 exited successfully.
[Thu Aug 23 11:39:24.355684 2018] [ssl:warn] [pid 9872:tid 300] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 11:39:25.409789 2018] [ssl:warn] [pid 9872:tid 300] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 11:39:26.067855 2018] [mpm_winnt:notice] [pid 9872:tid 300] AH00455: Apache/2.4.9 (Win32) OpenSSL/1.0.1g PHP/5.5.11 configured -- resuming normal operations
[Thu Aug 23 11:39:26.067855 2018] [mpm_winnt:notice] [pid 9872:tid 300] AH00456: Apache Lounge VC11 Server built: Mar 16 2014 12:13:13
[Thu Aug 23 11:39:26.067855 2018] [core:notice] [pid 9872:tid 300] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Thu Aug 23 11:39:26.074856 2018] [mpm_winnt:notice] [pid 9872:tid 300] AH00418: Parent: Created child process 7300
[Thu Aug 23 11:39:27.237972 2018] [ssl:warn] [pid 7300:tid 312] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 11:39:28.856134 2018] [ssl:warn] [pid 7300:tid 312] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 23 11:39:29.071155 2018] [mpm_winnt:notice] [pid 7300:tid 312] AH00354: Child: Starting 150 worker threads.

Steffen (Moderator)
Posted: Thu 23 Aug '18 12:17

Your Apache log says:

Apache/2.4.9 (Win32)

and you say: mod_security2-2.9.2-2.4.x-x64-vc11

So you cannot mix Win32 and Win64.


Apache Lounge does not have mod_security 2.9.2 for VC11, only 2.8.0.

Also 2.4.9 is old (4 years), best also to upgrade.

sharath
Posted: Thu 23 Aug '18 12:26    Post subject: mod_security2

Okay thanks.

Can you send me the full steps I need to follow for the environment I already have now?


Below is the information about my environment:
-Windows 7 64bit
XAMPP :
-apache 2.4.9

For this, which mod_security2 do I need to download, and what other things do I need to do?
Please help me out.

And one more thing in mod_security2: I want a rule only to restrict the number of connections from an IP / client.
Any solution for this too?

Steffen (Moderator)
Posted: Thu 23 Aug '18 12:42

Follow the readme_first.txt in the download from apachehaus.

sharath
Posted: Fri 24 Aug '18 6:51

Hello,

1. Now I installed mod_security2-2.9.2-2.4.x-x86-vc14 for apache 2.4.9.

The LoadModule security2_module modules/mod_security2.so is working fine.

But when I add Include conf/extra/modsecurity.conf-recommended,
I am getting the same error again.
Error: Apache shutdown unexpectedly.

Any solution for this?

2. And one more thing in mod_security2: I want a rule only to restrict the number of connections from an IP / client. How do I write rules for this in the httpd.conf file?
Any solution for this too?

Xing (Moderator)
Posted: Fri 24 Aug '18 11:53

What does the error.log say with modsecurity.conf-recommended?

As I recall, there are issues with modsecurity.conf-recommended.

To check, see www.apachelounge.com/viewtopic.php?t=2520

For questions about rules, it is best to use the Community User Support at www.modsecurity.org/help.html

sharath
Posted: Fri 24 Aug '18 11:58

This is my new code now.

LoadModule security2_module modules/mod_security2.so
SecDataDir /xampp/apache/logs/data
SecRuleEngine DetectionOnly
SecRuleEngine On
SecStatusEngine On
SecConnReadStateLimit 5 "!@ipMatch 10.7.223.11"
<IfModule security2_module>
Include conf/crs/crs-setup.conf
Include conf/crs/activated_rules/*.conf
</IfModule>

I want to restrict a certain IP address: after 5 simultaneous accesses, the IP address should not be able to access the site.

But it's not working in my case.

Here is the error.log

[Fri Aug 24 15:27:52.331585 2018] [ssl:warn] [pid 8852:tid 300] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity: APR compiled version="1.6.2"; loaded version="1.5.0"
[Fri Aug 24 15:27:52.999718 2018] [:warn] [pid 8852:tid 300] ModSecurity: Loaded APR do not match with compiled!
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity: PCRE compiled version="8.40 "; loaded version="8.40 2017-01-11"
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity: LUA compiled version="Lua 5.1"
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity: YAJL compiled version="2.1.0"
[Fri Aug 24 15:27:52.999718 2018] [:notice] [pid 8852:tid 300] ModSecurity: LIBXML compiled version="2.9.4"
[Fri Aug 24 15:27:53.005719 2018] [:notice] [pid 8852:tid 300] ModSecurity: StatusEngine call: "2.9.2,Apache/2.4.9 (Win32) Open,1.6.2/1.5.0,8.40/8.40 2017-01-11,Lua 5.1,2.9.4,0768d40ac223663f200f337231058b37dcedf999"
[Fri Aug 24 15:27:53.257770 2018] [:notice] [pid 8852:tid 300] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
[Fri Aug 24 15:27:53.535825 2018] [core:warn] [pid 8852:tid 300] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Fri Aug 24 15:27:53.973913 2018] [ssl:warn] [pid 8852:tid 300] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Aug 24 15:27:54.063931 2018] [mpm_winnt:notice] [pid 8852:tid 300] AH00455: Apache/2.4.9 (Win32) OpenSSL/1.0.1g PHP/5.5.11 configured -- resuming normal operations
[Fri Aug 24 15:27:54.064931 2018] [mpm_winnt:notice] [pid 8852:tid 300] AH00456: Apache Lounge VC11 Server built: Mar 16 2014 12:13:13
[Fri Aug 24 15:27:54.064931 2018] [core:notice] [pid 8852:tid 300] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Fri Aug 24 15:27:54.070932 2018] [mpm_winnt:notice] [pid 8852:tid 300] AH00418: Parent: Created child process 7656

glsmith (Moderator)
Posted: Fri 24 Aug '18 20:01

Try starting the server with the module loaded but no module configuration. If that works, then you know there is a problem in the config.

httpd -t from the command line should give you configuration errors if any.

If httpd -t says Syntax OK then try adjusting the LogLevel in httpd.conf to info or debug if necessary and look through it.

Side note: You should move all the Sec* directives inside the <IfModule> since they are module specific directives.

sharath
Posted: Mon 27 Aug '18 8:11

Hello,

I have tried as you said.
Here are the changes I made in my code again:
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
Include conf/crs/crs-setup.conf
Include conf/crs/activated_rules/*.conf
SecDataDir /xampp/apache/logs/data
SecRuleEngine DetectionOnly
SecRuleEngine On
SecStatusEngine On
SecConnEngine On
SecConnReadStateLimit 5
SecConnWriteStateLimit 5
#SecConnReadStateLimit 5 "!@ipMatch 10.7.223.22"
#SecConnWriteStateLimit 5 "!@ipMatch 10.7.223.22"
</IfModule>


Even after changing the code, if someone accesses my IP address, after 5 simultaneous accesses the 6th access should not work. It should show access denied or something, but it should not open.
But neither "SecConnReadStateLimit 5" nor "SecConnReadStateLimit 5 "!@ipMatch 10.7.223.22"" is working.


error.log

Admin note:

log moved to https://apaste.info/Tbva , see forum rules