[mod-security-users] sitebuilder problem after updating to 2.1.4
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] sitebuilder problem after updating to 2.1.4
|
From: Segun ... <sho...@ho...> - 2007-10-17 16:54:09
|
Hi guys, =20 I updated my modsecurity to 2.1.4 and expected there were some false positi= ves. I am particularly getting false positives for sitebuilder but there is= no "ID" which will give me an idea of the rule that's been triggered below= is message from the audit log.Can you please take a look and help me with = which rule is triggered =20 [17/Oct/2007:02:30:02 --0700] 8jLiA38AAAEAAD-th6UAAAAB 70.*.*.* 41060 70.*.= *.*.--99efc960-B--POST /ServiceFacade/4.0/SystemWebService.asmx HTTP/1.0Use= r-Agent: PEAR-SOAP 0.8.0RC4-develHost: sitebuilder.*****.netContent-Type: t= ext/xml; charset=3DUTF-8Content-Length: 683SOAPAction: "http://swsoft.com/w= ebservices/sb/4.0/SystemService/GetVersionApi" --99efc960-C--<?xml version=3D"1.0" encoding=3D"UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV=3D"http://schemas.xmlsoap.org/soap/envel= ope/" xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" xmlns:xsi=3D"http://ww= w.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC=3D"http://schemas.xmlsoap.= org/soap/encoding/" xmlns:ns4=3D"http://swsoft.com/webservices/sb/4.0/Syste= mService"><SOAP-ENV:Header> <CredentialsSoapHeader xmlns=3D"http://swsoft.com/webservices/sb/4.0/System= Service"><Login>admin</Login><Password>******</Password><SsoId></SsoId><Sso= SessionId></SsoSessionId></CredentialsSoapHeader></SOAP-ENV:Header><SOAP-EN= V:Body> <ns4:GetVersionApi/></SOAP-ENV:Body></SOAP-ENV:Envelope> --99efc960-F--HTTP/1.1 500 Internal Server ErrorX-Powered-By: PHP/5.2.1Cont= ent-Length: 278Connection: closeContent-Type: text/xml; charset=3Dutf-8 --99efc960-H--Apache-Handler: cgi-scriptStopwatch: 1192613402305027 136205 = (898* 2156 -)Producer: ModSecurity v2.1.4-rc1 (Apache 2.x)Server: Apache/2.= 2.4 (Fedora) =20 The only way i can get the module sitebuilder to work from my control panel= is to turn off modsecurity because DetectionOnly still blocks it.=20 I should also mention that since i updated most of the alerts are not showi= ng up in modsecurity console, for instance the sitebuilder alert only shows= up when i use modsec_auditlog as SecAuditLogStorageDir and SecAuditLog de= stination as oppose to using mlogc folder. =20 Thanks for your help = |