Re: [mod-security-users] mod security 2.2.7 problem on openSUSE 13.1
From: Administrator Beckspaced.c. <ad...@be...> - 2014-03-24 17:24:21
Message: 2
Date: Sat, 22 Mar 2014 16:20:32 +0100
From: Reindl Harald <h.r...@th...>
Subject: Re: [mod-security-users] mod security 2.2.7 problem on openSUSE 13.1
To: mod...@li...
Message-ID: <532...@th...>
Content-Type: text/plain; charset="iso-8859-1"

On 22.03.2014 15:49, Administrator Beckspaced.com wrote:
> hello there
>
> using the newest mod security 2.2.7 with newest rule set 2.2.9 on an
> opensuse 13.1 with apache 2.4.6
>
> mod security is actually running fine but i'm trying to run the slow dos
> rule set from experimental rules ->
> modsecurity_crs_11_slow_dos_protection.conf
>
> whenever i enable this rule set i get blocked by mod security
>
> [Fri Mar 21 17:23:04.018323 2014] [:warn] [pid 29457] ModSecurity:
> Access denied with code 400. Too many threads [150] of 100 allowed in
> READ state from 91.22.223.123 - Possible DoS Consumption Attack [Rejected]

just don't do that on the application level
it's insane even respond from the webserver in such a case

http://comments.gmane.org/gmane.comp.apache.mod-security.user/10722

ok ... thanks a lot for your reply ;-)
will look into iptables to protect against slow dos attacks.

but still i don't understand why mod security is blocking my IP address?
the server is not publicly accessible, though it tells me that i got 150 threads connected?
why is that?

also ... why isn't apache creating the collection data files

ip.dir
ip.pag
global.dir
global.pag

SecDataDir is set to /var/log/apache2
which is owned and writable by the apache user wwwrun:www

but on apache restart those files (ip.dir global.dir) don't get generated!
so how can mod security collect data if those files are not there?

but apache is able to create the modsec_debug.log and modsec_audtit.log in the directory /var/log/apache2
but it will not create ip.dir and global.dir ... strange!

using opensuse 13.1 which uses systemd now. could this have something to do with it?

running another suse box with opensuse 12.2 which also uses systemd and there i don't have any problems at all
files for mod security get generated after an apache restart

really a bit out of knowledge here ;-(

perhaps someone can guide me towards fixing this?

thanks a million for your help & all the best
becki

p.s.
if it is insane to respond to slow dos attack from the webserver with mod security ... why is it even there then?