Re: [mod-security-users] calling modsecurity before siteminder , help appreciated
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] calling modsecurity before siteminder , help appreciated
|
From: Padmaja V. <pad...@ya...> - 2011-06-16 17:29:55
|
Ryan,
Thank you very much for your quick response and solution, we tested this and
working.
Padmaja.
----- Original Message ----
From: Ryan Barnett <RBa...@tr...>
To: Padmaja Vuyyuru <pad...@ya...>; matthew sporleder
<msp...@gm...>
Cc: "mod...@li..."
<mod...@li...>
Sent: Wed, June 15, 2011 8:37:31 AM
Subject: Re: [mod-security-users] calling modsecurity before siteminder , help
appreciated
There are two methods you can check that will influence the order in which
modules are executed -
1) The order of LoadModule in the httpd.conf file. The ordering of the
modules can impact the execution order. The order actually starts from
the bottom then the top. So, if you want ModSecurity to have first crack,
make sure it is the last module listed in with LoadModule.
2) In the apache2/mod_security.2.c file, you can edit the module hooks
listing to instruct Apache to have certain modules run before/after
ModSecurity. Here is the section of code that you want to edit -
################################
/**
* Registers module hooks with Apache.
*/
static void register_hooks(apr_pool_t *mp) {
static const char *const postconfig_beforeme_list[] = {
"mod_unique_id.c",
"mod_ssl.c",
NULL
};
static const char *const postconfig_afterme_list[] = {
"mod_fcgid.c",
"mod_cgid.c",
NULL
};
static const char *const postread_beforeme_list[] = {
"mod_rpaf.c",
"mod_rpaf-2.0.c",
"mod_extract_forwarded2.c",
"mod_remoteip.c",
"mod_custom_header.c",
"mod_breach_realip.c",
"mod_breach_trans.c",
"mod_unique_id.c",
NULL
};
static const char *const postread_afterme_list[] = {
"mod_log_forensic.c",
NULL
};
################################
You might want to try and put the SiteMinder module in the
postconfig_afterme_list
-Ryan
On 6/15/11 9:31 AM, "Padmaja Vuyyuru" <pad...@ya...> wrote:
>Thank you Matthew,
>
>We have mod_security.so calling first in webserver settings. All
>siteminder
>enabled URL's are not going to the Mod_Sec and calling siteminder first.
>I don't
>see in any thing audit logs.
>
>Any other help is really appreciated.
>
>
>
>----- Original Message ----
>From: matthew sporleder <msp...@gm...>
>To: Padmaja Vuyyuru <pad...@ya...>
>Cc: mod...@li...
>Sent: Wed, June 15, 2011 1:24:05 AM
>Subject: Re: [mod-security-users] calling modsecurity before siteminder ,
>help
>appreciated
>
>On Tue, Jun 14, 2011 at 2:12 PM, Padmaja Vuyyuru <pad...@ya...>
>wrote:
>>
>> we are using ModSecurity 2 on Apache protected by CA's SiteMinder. In
>> testing ModSecurity with the Core rules, I've seen that SiteMinder is
>>called
>> first.
>> Is there any way to get ModSecurity to proc before SiteMinder? We
>>specified
>> the ModSecurity first and then SiteMinder. Any help is really
>>appriciated.
>>
>
>Put mod_security in front of the sm agent machine in a proxy setup.
>
>Why is mod_security triggering after sm a problem?
>
>
>--------------------------------------------------------------------------
>----
>EditLive Enterprise is the world's most technically advanced content
>authoring tool. Experience the power of Track Changes, Inline Image
>Editing and ensure content is compliant with Accessibility Checking.
>http://p.sf.net/sfu/ephox-dev2dev
>_______________________________________________
>mod-security-users mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>ModSecurity Services from Trustwave's SpiderLabs:
>https://www.trustwave.com/spiderLabs.php
This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or use of the information contained herein (including any reliance thereon) is
STRICTLY PROHIBITED. If you received this transmission in error, please
immediately contact the sender and destroy the material in its entirety, whether
in electronic or hard copy format.
|