Re: [mod-security-users] mod_unique_id
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_unique_id
|
From: Emre <ku...@it...> - 2007-07-23 13:04:34
|
=DD am sending the last 3 record of error.log file with mod_unique_id =
module
=20
[Mon Jul 23 15:54:23 2007] [notice] Apache/2.0.52 (Red Hat) configured =
--
resuming normal operations
[Mon Jul 23 15:54:25 2007] [error] [client 160.75.5.64] ModSecurity: =
Access
denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at
REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP
address"] [severity "CRITICAL"] [hostname "160.75.5.130"] [uri "/"]
[unique_id "xsP1ZX8AAAEAAA4SBAQAAAAA"]
[Mon Jul 23 15:54:25 2007] [error] [client 160.75.5.64] ModSecurity: =
Access
denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at
REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP
address"] [severity "CRITICAL"] [hostname "160.75.5.130"] [uri
"/favicon.ico"] [unique_id "xsQ5jn8AAAEAAA4TBwAAAAAB"]
=20
Without mod_unique_id
=20
[Mon Jul 23 15:52:57 2007] [notice] Apache/2.0.52 (Red Hat) configured =
--
resuming normal operations
[Mon Jul 23 15:53:01 2007] [error] ModSecurity: ModSecurity requires
mod_unique_id to be installed.
[Mon Jul 23 15:53:01 2007] [error] ModSecurity: ModSecurity requires
mod_unique_id to be installed.=20
=20
Note:I am not sure but it seems that i wrote the ip address on the url =
bar
("Host header is a numeric IP address") but there is one more thing that
this computer i am working on is a test machine i have to enter the ip
address on the bar.
=20
_____ =20
From: Ryan Barnett [mailto:Ryan.Barnett@Breach.com]=20
Sent: Monday, July 23, 2007 3:51 PM
To: Emre ; mod...@li...
Subject: RE: [mod-security-users] mod_unique_id
=20
ModSecurity needs mod_unique_id to be installed as it uses it for =
providing
unique id tags to all transactions. It sounds like you added the module
correctly to the httpd.conf file. What does your error_log file tell =
you
about why Apache triggered the 400 status code?
=20
--=20
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
=20
=20
_____ =20
From: mod...@li...
[mailto:mod...@li...] On Behalf Of =
Emre=20
Sent: Monday, July 23, 2007 8:40 AM
To: mod...@li...
Subject: [mod-security-users] mod_unique_id
=20
Hi all,
=20
I am a newbie on modsecurity and i am trying to prepare .conf files. At =
this
point i have a problem???
=20
When i add the mod_unique_id module (LoadModule unique_id_module
modules/mod_unique_id.so) my web page does'n response(or lets say =
responses
400 bad request)
=20
Moreover, the unique_id module should be integrated to httpd.conf or
modsecurity.conf (conf.d/*.conf)
=20
Thus, what should i do to make modsecurity run effectively,=20
=20
Should i disable mod_unique_id or there is a way to run both of two at =
the
same time?
|