Re: [mod-security-users] mod_unique_id
Brought to you by:
victorhora,
zimmerletw
From: Emre <ku...@it...> - 2007-07-23 13:04:34
|
=DD am sending the last 3 record of error.log file with mod_unique_id = module =20 [Mon Jul 23 15:54:23 2007] [notice] Apache/2.0.52 (Red Hat) configured = -- resuming normal operations [Mon Jul 23 15:54:25 2007] [error] [client 160.75.5.64] ModSecurity: = Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "160.75.5.130"] [uri "/"] [unique_id "xsP1ZX8AAAEAAA4SBAQAAAAA"] [Mon Jul 23 15:54:25 2007] [error] [client 160.75.5.64] ModSecurity: = Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "160.75.5.130"] [uri "/favicon.ico"] [unique_id "xsQ5jn8AAAEAAA4TBwAAAAAB"] =20 Without mod_unique_id =20 [Mon Jul 23 15:52:57 2007] [notice] Apache/2.0.52 (Red Hat) configured = -- resuming normal operations [Mon Jul 23 15:53:01 2007] [error] ModSecurity: ModSecurity requires mod_unique_id to be installed. [Mon Jul 23 15:53:01 2007] [error] ModSecurity: ModSecurity requires mod_unique_id to be installed.=20 =20 Note:I am not sure but it seems that i wrote the ip address on the url = bar ("Host header is a numeric IP address") but there is one more thing that this computer i am working on is a test machine i have to enter the ip address on the bar. =20 _____ =20 From: Ryan Barnett [mailto:Ryan.Barnett@Breach.com]=20 Sent: Monday, July 23, 2007 3:51 PM To: Emre ; mod...@li... Subject: RE: [mod-security-users] mod_unique_id =20 ModSecurity needs mod_unique_id to be installed as it uses it for = providing unique id tags to all transactions. It sounds like you added the module correctly to the httpd.conf file. What does your error_log file tell = you about why Apache triggered the 400 status code? =20 --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 =20 _____ =20 From: mod...@li... [mailto:mod...@li...] On Behalf Of = Emre=20 Sent: Monday, July 23, 2007 8:40 AM To: mod...@li... Subject: [mod-security-users] mod_unique_id =20 Hi all, =20 I am a newbie on modsecurity and i am trying to prepare .conf files. At = this point i have a problem??? =20 When i add the mod_unique_id module (LoadModule unique_id_module modules/mod_unique_id.so) my web page does'n response(or lets say = responses 400 bad request) =20 Moreover, the unique_id module should be integrated to httpd.conf or modsecurity.conf (conf.d/*.conf) =20 Thus, what should i do to make modsecurity run effectively,=20 =20 Should i disable mod_unique_id or there is a way to run both of two at = the same time? |