Re: [mod-security-users] Newbie Question - ModSec + SquidGuard
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2008-05-04 13:27:00
|
You can also do redirects with ModSecurity instead of deny. Just change the action settings and redirect them to your friendly blocked page. Thanks, Ryan C. Barnett ----- Original Message ----- From: mod...@li... <mod...@li...> To: mod...@li... <mod...@li...> Sent: Sat May 03 09:26:02 2008 Subject: [mod-security-users] Newbie Question - ModSec + SquidGuard Hello all, Firstly let me say that, having just installed ModSecurity I am *very* impressed with it. Thank you to all the devs for such a great product. I am not a sysadmin, I just have a simple, largely static, website with a few bits of dynamic content (eg a squirrelmail webmail package serving up my family's mail from behind a AuthUserFile password protected area). I protect my children from undesirable web content by using a squid proxy server + squidGuard filter. Prior to installing ModSecurity this worked just fine, redirecting to a page informing them that the site is blocked. Now they just get a 400 Bad Request which can be confusing. I think that ModSecurity is blocking access to the squidGuard.cgi app which serves up the squidGuard blocking page, but I think ModSecurity is blocking because it's come via a numeric IP. (see extract from debug.log) [03/May/2008:14:09:11 +0100] [www.mydomain.co.uk/sid#b92b64a8][rid#b97a0f80][/cgi-bin/squidGuard.cgi][1] Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] This causes problems because my internal network relies heavily on numerical IP addresses. Commenting out the above rule in modsecurity_crs_21_protocol_anomalies.conf allows it all to work properly again but I am not sure this is the best way to solve the problem. Should I create a local rule? If so how? (I might need some hand-holding...) Thanks in advance for any help. Mark |