Re: [mod-security-users] Core rules 2.1-1.4b2 question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Core rules 2.1-1.4b2 question
|
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-05-28 16:33:54
|
You to have the XML LoadFile directive specified BEFORE the ModSecurity
LoadFile directive like this -
<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadFile /usr/lib/libxml2.so =20
LoadModule security2_module modules/mod_security2.so
</IfModule>
# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>
--=20
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
=20
=20
> -----Original Message-----
> From: Joakim Schramm [mailto:jo...@as...]
> Sent: Monday, May 28, 2007 12:28 PM
> To: Ryan Barnett; Ofer Shezaf
> Cc: mod...@li...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>=20
> This from my httpd.conf for
>=20
> <IfDefine SECURITY>
> <IfModule !mod_security2.c>
> LoadModule security2_module modules/mod_security2.so
> </IfModule>
>=20
> LoadFile /usr/lib/libxml2.so
>=20
> # use Core Rule Set by default:
> Include /etc/apache2/modules.d/mod_security/*.conf
> </IfDefine>
>=20
> merc ~ # locate libxml2.so
> /usr/lib/libxml2.so.2.6.28
> /usr/lib/libxml2.so.2
> /usr/lib/libxml2.so
>=20
> merc ~ # /etc/init.d/apache2 restart
> * Apache2 has detected a syntax error in your configuration files:
> Syntax error on line 54 of
>
/etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violatio
ns
> .c
> onf:
> Error creating rule: Unknown variable: XML
>=20
> I don't know if this is because apache2 currently is running w/ modsec
> 2.1.1
> but w/o libxml2 line in conf, so it might check syntax for what it has
at
> hands before restarting and don't because of this as apache2 never
stops.
> I
> may have to stop it maunally and srat it again, not just restart BUT
if it
> still fail all my web services is down :-( I guess I have no option
but
> take
> a chance and rely on you guys if it still fails. Faith was the word
:-)
>=20
> Unfortunately,
>=20
> After stopping still
>=20
> merc ~ # /etc/init.d/apache2 start
> * Apache2 has detected a syntax error in your configuration files:
> Syntax error on line 54 of
>
/etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violatio
ns
> .c
> onf:
> Error creating rule: Unknown variable: XML
>=20
> Joakim
>=20
> > -----Original Message-----
> > From: Ryan Barnett [mailto:Ryan.Barnett@Breach.com]
> > Sent: 28 May 2007 17:54
> > To: Joakim Schramm; Ofer Shezaf
> > Cc: mod...@li...
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > Did you add the following to your httpd.conf file before the
> > ModSecurity LoadModule directive - LoadFile /usr/lib/libxml2.so.
> >
> > This is in the Installation section of the reference manual
> > -http://www.modsecurity.org/documentation/modsecurity-apache/2
> > .1.0/modse
> > curity2-apache-reference.html#02-installation
> >
> >
> >
> > > -----Original Message-----
> > > From: mod...@li...
[mailto:mod-
> > > sec...@li...] On Behalf Of Joakim
> > Schramm
> > > Sent: Monday, May 28, 2007 11:50 AM
> > > To: Ofer Shezaf
> > > Cc: mod...@li...
> > > Subject: Re: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Ofer Shezaf [mailto:OferS@Breach.com]
> > > > Sent: 28 May 2007 17:05
> > > > To: Joakim Schramm
> > > > Cc: mod...@li...
> > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > Just one correction, if you want to remove the XML variable
> > > > from the rules, it also appears in file #20.
> > > >
> > > Well I don't want to but have XML working. I looked at the make
file
> > as it
> > > is in archive and it seem XML is on by default, and I have have
> > libxml2
> > > were
> > > it says by default, so as far as I understand it "should"
> > be compiled
> > with
> > > xml support, not sure why it isn't working though. I have the
whole
> > output
> > > from compile by Gentoo emerge packager and it appear to
> > confirm xml is
> > > compled in. Just pasting the relevant parts here, let me know if
you
> > need
> > > full output?
> > >
> > > D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG
-pthread
> > > -I/usr/include/apache2 -I/usr/include/apr-1
-I/usr/include/apr-1
> > > -I/usr/include/db4.5 -c -o
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_xml.lo
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_xml.c && touch
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_xml.slo
> > > /usr/bin/libtool --silent --mode=3Dcompile i686-pc-linux-gnu-gcc
> > -prefer-pic
> > > -march=3Dpentium4 -O2 -pipe -DLINUX=3D2 -D_REENTRANT =
-D_GNU_SOURCE
> > > -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2
> > > -I/usr/include/apr-1 -
> > > ...
> > > www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-
> > > dev1/apache2/persist_db
> > > m.lo
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/pdf_protect.lo
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_xml.lo
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_util.lo
> > >
> > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-a
> > pache_2.2.
> > 0-
> > > de
> > > v1/apache2/msc_reqbody.lo /var/tmp/portage/net-
> > >
> > > So xml "should" really work, but it doesn't or is there
> > something more
> > > that
> > > need to be done?
> > >
> > > Joakim
> > >
> > > > > -----Original Message-----
> > > > > From: Joakim Schramm [mailto:jo...@as...]
> > > > > Sent: Monday, May 28, 2007 5:58 PM
> > > > > To: Ofer Shezaf
> > > > > Cc: mod...@li...
> > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2
question
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Ofer Shezaf [mailto:OferS@Breach.com]
> > > > > > Sent: 28 May 2007 16:49
> > > > > > To: Joakim Schramm
> > > > > > Subject: RE: [mod-security-users] Core rules
> > 2.1-1.4b2 question
> > > > > >
> > > > > > Regarding XML - Avi is still investigating the
> > problem (actually
> > a
> > > > > > solution) as we already know the problem. You have compiled
> > > > > > ModSecurity without XML support, which is perfectly
> > > > valid, but does
> > > > > > not work with the new dev version of
> > > > > >
> > > > > > So you will need to either compile with XML support, wait
till
> > we
> > > > > > find a generic solution, or just delete all the XML
> > > > variables from
> > > > > > the different rules (I think it is only in file #40)
> > > > > >
> > > > > > ~ Ofer
> > > > >
> > > > > Aha, I use Gentoo and simply reused the current ebuild for
> > > > 2.1.1, so I
> > > > > will have to figure out how to get xml support compiled in
then
> > ;-)
> > > > >
> > > > > Joakim
> > > >
> > > >
> > >
> > >
> > >
> > --------------------------------------------------------------
> > ----------
> > -
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> >
|