On Sat, Nov 23, 2013 at 5:17 AM, Abhilash Chittathukatil04 <Abhilash_C04@infosys.com> wrote:

Dear Felipe Costa,

 

I have one sample rule in modsecurity.conf. Also tried with some test rules in modsecurity.conf. That itself is not working for me.


Hi Abhilash,

Have you tried increasing your SecDebugLogLevel to 9 and looking at the debug logs? You can send them to me privately if you need help.

--
 - Josh
 

 

===

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"

===

 

If that works fine, I thought of applying the core rule set.

 

We are facing the same issues when compiling modsecurity 2.7.5 with IBM HTTP web server. After the module is loaded in apache.conf, the site itself is not loading. But the same is working fine with the rules for modsecurity 2.6.

 

---

Thanks,

Abhilash.C

 

 

From: Felipe Costa [mailto:FCosta@trustwave.com]
Sent: Friday, November 22, 2013 8:43 PM
To: <mod-security-users@lists.sourceforge.net>
Subject: Re: [mod-security-users] Modsecurity 2.7.5 is installed properly but sample Rules are not working.

 

Hi Abhilash,

 

It seems to me that ModSecurity was loaded successfully, as Apache is reporting in the log files; however, your rules were not applied. Can you check with the Core Rule Set (CRS)?

 

 

Br.,

F.

 

 

On Nov 22, 2013, at 5:08 AM, Abhilash Chittathukatil04 <Abhilash_C04@infosys.com> wrote:



Hi Team,

 

I have installed Modsecurity 2.7.5 properly but sample Rules are not working for me.

 

Following are the settings. Please let me know if any other users are experiencing the issues.

 

=====================

OS is RHEL6.3 and I am trying with native Apache webserver.

 

Steps:

 

1. Compiled the modsecurity using configure, make, make install

2. Copied the mod_security2.so to /etc/httpd/modules/

3. Made the following entries in httpd.conf

 

Under the LoadModule section of httpd.conf

============================

 

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

 

 

 

Under the IfModule section of httpd.conf

==========================

 

<IfModule mod_security2.c>

Include /etc/httpd/modsecurity/modsecurity.conf

</IfModule>

 

  4. /etc/httpd/modsecurity/modsecurity.conf is attached herewith.

 

  5.  Restarted the httpd service and log is saying module has been loaded properly.

 

   =====

[Wed Nov 20 12:53:39 2013] [notice] ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured.

[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"

[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"

[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: LIBXML compiled version="2.7.6"

=====

 

Then tried accessing the webserver like http://<IP of machine>//?abc=../../.

But none of the sample rules are working and audit log is not generating. Please help.

 

---

Thanks,

Abhilash.C 

 

 


<modsecurity.conf>
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
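
A quick triage for the symptom in this thread (module loads, rules do not fire, no audit log), to run before or alongside the debug-log step suggested above; this is an added example, not part of the original messages or of the ModSecurity project. The function names `last_value` and `modsec_triage` and the sample configuration are constructed for illustration. The modsecurity.conf attached in the thread is not shown on the page, so the script says nothing about that file.

```shell
#!/bin/sh
# Added example: flag ModSecurity 2.x settings that leave rules or logs silent.
# SecRuleEngine and SecAuditEngine default to Off; SecDebugLogLevel defaults to 0.

# last_value FILE DIRECTIVE: print the last uncommented value (directive names
# are case-insensitive in Apache configuration)
last_value() {
    awk -v d="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(d) { v = $2; gsub(/"/, "", v) }
        END { if (v != "") print v }
    ' "$1"
}

# modsec_triage FILE: one finding per line; exit status 1 if anything is flagged
modsec_triage() {
    rc=0
    engine=$(last_value "$1" SecRuleEngine | tr 'A-Z' 'a-z')
    audit=$(last_value "$1" SecAuditEngine | tr 'A-Z' 'a-z')
    auditlog=$(last_value "$1" SecAuditLog)
    dbglog=$(last_value "$1" SecDebugLog)
    dbglvl=$(last_value "$1" SecDebugLogLevel)

    case $engine in
        on|detectiononly) echo "OK   SecRuleEngine $engine" ;;
        *) echo "FLAG SecRuleEngine ${engine:-unset}: rules are not evaluated"; rc=1 ;;
    esac
    case $audit in
        on|relevantonly) echo "OK   SecAuditEngine $audit" ;;
        *) echo "FLAG SecAuditEngine ${audit:-unset}: no audit log entries"; rc=1 ;;
    esac
    [ -n "$auditlog" ] || { echo "FLAG SecAuditLog unset: no audit log path"; rc=1; }
    if [ -z "$dbglog" ] || [ "${dbglvl:-0}" -lt 9 ]; then
        echo "FLAG debug log ${dbglog:-unset} at level ${dbglvl:-0}: use level 9 while troubleshooting"
        rc=1
    fi
    return $rc
}

# Constructed sample, NOT the modsecurity.conf attached in the thread
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
#SecRuleEngine On
SecAuditEngine RelevantOnly
SecDebugLog /var/log/httpd/modsec_debug.log
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
EOF
modsec_triage "$SAMPLE_CONF" || true
```

The script only reads the one file it is given; directives set in other included files are not seen, so run it on each file the `Include` lines pull in.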

 

 


