Re: [mod-security-users] Core rules 2.1-1.4b2 question
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-05-28 16:33:54
You need to have the XML LoadFile directive specified BEFORE the ModSecurity LoadFile directive like this -

<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
</IfModule>

# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

> -----Original Message-----
> From: Joakim Schramm [mailto:jo...@as...]
> Sent: Monday, May 28, 2007 12:28 PM
> To: Ryan Barnett; Ofer Shezaf
> Cc: mod...@li...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> This from my httpd.conf for
>
> <IfDefine SECURITY>
> <IfModule !mod_security2.c>
> LoadModule security2_module modules/mod_security2.so
> </IfModule>
>
> LoadFile /usr/lib/libxml2.so
>
> # use Core Rule Set by default:
> Include /etc/apache2/modules.d/mod_security/*.conf
> </IfDefine>
>
> merc ~ # locate libxml2.so
> /usr/lib/libxml2.so.2.6.28
> /usr/lib/libxml2.so.2
> /usr/lib/libxml2.so
>
> merc ~ # /etc/init.d/apache2 restart
> * Apache2 has detected a syntax error in your configuration files:
> Syntax error on line 54 of
> /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> Error creating rule: Unknown variable: XML
>
> I don't know if this is because apache2 currently is running w/ modsec 2.1.1
> but w/o libxml2 line in conf, so it might check syntax for what it has at
> hands before restarting and don't because of this as apache2 never stops.
> I may have to stop it manually and start it again, not just restart BUT if it
> still fails all my web services are down :-( I guess I have no option but take
> a chance and rely on you guys if it still fails. Faith was the word :-)
>
> Unfortunately,
>
> After stopping still
>
> merc ~ # /etc/init.d/apache2 start
> * Apache2 has detected a syntax error in your configuration files:
> Syntax error on line 54 of
> /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> Error creating rule: Unknown variable: XML
>
> Joakim
>
> > -----Original Message-----
> > From: Ryan Barnett [mailto:Ryan.Barnett@Breach.com]
> > Sent: 28 May 2007 17:54
> > To: Joakim Schramm; Ofer Shezaf
> > Cc: mod...@li...
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > Did you add the following to your httpd.conf file before the
> > ModSecurity LoadModule directive - LoadFile /usr/lib/libxml2.so.
> >
> > This is in the Installation section of the reference manual -
> > http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#02-installation
> >
> > > -----Original Message-----
> > > From: mod...@li... [mailto:mod-sec...@li...] On Behalf Of Joakim Schramm
> > > Sent: Monday, May 28, 2007 11:50 AM
> > > To: Ofer Shezaf
> > > Cc: mod...@li...
> > > Subject: Re: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > > > -----Original Message-----
> > > > From: Ofer Shezaf [mailto:OferS@Breach.com]
> > > > Sent: 28 May 2007 17:05
> > > > To: Joakim Schramm
> > > > Cc: mod...@li...
> > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > Just one correction, if you want to remove the XML variable
> > > > from the rules, it also appears in file #20.
> > > >
> > > Well I don't want to but have XML working.
> > > I looked at the make file as it is in archive and it seems XML is on by
> > > default, and I have libxml2 where it says by default, so as far as I
> > > understand it "should" be compiled with xml support, not sure why it isn't
> > > working though. I have the whole output from compile by Gentoo emerge
> > > packager and it appears to confirm xml is compiled in. Just pasting the
> > > relevant parts here, let me know if you need full output?
> > >
> > > D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread
> > > -I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1
> > > -I/usr/include/db4.5 -c -o
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.c && touch
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.slo
> > > /usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic
> > > -march=pentium4 -O2 -pipe -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE
> > > -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2
> > > -I/usr/include/apr-1 -
> > > ...
> > > www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/persist_dbm.lo
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/pdf_protect.lo
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_util.lo
> > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_reqbody.lo /var/tmp/portage/net-
> > >
> > > So xml "should" really work, but it doesn't or is there something more
> > > that needs to be done?
> > >
> > > Joakim
> > >
> > > > > -----Original Message-----
> > > > > From: Joakim Schramm [mailto:jo...@as...]
> > > > > Sent: Monday, May 28, 2007 5:58 PM
> > > > > To: Ofer Shezaf
> > > > > Cc: mod...@li...
> > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Ofer Shezaf [mailto:OferS@Breach.com]
> > > > > > Sent: 28 May 2007 16:49
> > > > > > To: Joakim Schramm
> > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > >
> > > > > > Regarding XML - Avi is still investigating the problem (actually a
> > > > > > solution) as we already know the problem. You have compiled
> > > > > > ModSecurity without XML support, which is perfectly valid, but does
> > > > > > not work with the new dev version of
> > > > > >
> > > > > > So you will need to either compile with XML support, wait till we
> > > > > > find a generic solution, or just delete all the XML variables from
> > > > > > the different rules (I think it is only in file #40)
> > > > > >
> > > > > > ~ Ofer
> > > > >
> > > > > Aha, I use Gentoo and simply reused the current ebuild for 2.1.1, so I
> > > > > will have to figure out how to get xml support compiled in then ;-)
> > > > >
> > > > > Joakim
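Added example (not part of the original thread and not ModSecurity project code): a small Python check for the directive ordering described in the reply above, run against the two configurations quoted in the thread. The function name check_load_order is hypothetical, and the check reads a single file only, without following Include directives.

```python
import re

# LoadFile / LoadModule lines; directive names are case-insensitive in Apache.
_DIRECTIVE = re.compile(r"^\s*(LoadFile|LoadModule)\s+(\S.*?)\s*$", re.IGNORECASE)

def check_load_order(conf_text):
    """Return findings; an empty list means libxml2 is loaded before security2_module."""
    libxml_line = modsec_line = None
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        m = None if raw.lstrip().startswith("#") else _DIRECTIVE.match(raw)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2).split()
        if name == "loadfile" and libxml_line is None and any("libxml2" in a for a in args):
            libxml_line = lineno
        elif name == "loadmodule" and modsec_line is None and args[0] == "security2_module":
            modsec_line = lineno
    if modsec_line is None or (libxml_line is not None and libxml_line < modsec_line):
        return []  # ModSecurity not loaded in this file, or libxml2 correctly comes first
    if libxml_line is None:
        return [f"line {modsec_line}: security2_module is loaded but no LoadFile for libxml2 was found"]
    return [f"line {libxml_line}: libxml2 LoadFile is after LoadModule security2_module (line {modsec_line})"]

# Configuration as posted in the quoted message (blank lines dropped).
AS_POSTED = """\
<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>
LoadFile /usr/lib/libxml2.so
# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>
"""

# Configuration as given in the reply (blank lines dropped).
AS_CORRECTED = """\
<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
</IfModule>
# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>
"""

if __name__ == "__main__":
    print(check_load_order(AS_POSTED), check_load_order(AS_CORRECTED))
```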