[mod-security-users] new to modsecurity question on two alerts.. how where they produced? ModSecuri
Brought to you by:
victorhora,
zimmerletw
From: Andres S. <ndr...@gm...> - 2009-07-09 17:59:08
|
Hello all, Iam new to modsecurity and Iam purchasing some books to better interpret the warnings and log messages.. I was wondering if somebody could help me interpret these two.. as we do not understand why they matched... [08/Jul/2009:21:53:36 --0600] [ 217.27.244.107/sid#8a9bdec0][rid#882dd050][/login.php][1] Access denied with code 500 (phase 4). Pattern match "(?:\b(?:(?:s(?:elect list because it is not contained in (?:an aggregate function and there is no|either an aggregate function or the) GROUP BY clause|upplied argument is not a valid (?:(?:M(?:S |y)|Postgre)SQL|O(?:racle|DBC)))|S(?:yntax error converti ..." at RESPONSE_BODY. [file "/var/apache2/mod_security_rules/modsecurity_crs_50_outbound.conf"] [09/Jul/2009:07:29:00 --0600] [ 217.27.244.107/sid#8b06aec0][rid#7cb3a050][/login.php][2] Warning. Match of "rx ModSecurity" against "WEBSERVER_ERROR_LOG" required. [file "/var/apache2/mod_security_rules/extra_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960913"] [msg "Invalid request"] [severity "CRITICAL"] Any information is much appreciated. Andres |