Thread: [mod-security-users] Static Compilation of ModSecurity 2.x
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-04-19 20:18:11
Attachments:
Makefile.in
config.m4.security
|
I wanted to send this email to the list so as to clarify the DSO vs. Static module issue. There is no official policy that ModSecurity has to or needs to only be used as a DSO. That was just the configuration that Ivan used when designing it and it happens that the majority of users allow DSOs. It is not that static compilation is not possible, it just wasn't a straight forward, easy change. Jeff sent me the email below showing how creates a Mod 2.x static RPM build. Hopefully this will help some users who desire static modules. I will also try to integrate this info back into the installation documentation. Thanks for sharing Jeff. --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member Author: Preventing Web Attacks with Apache =20 -------------- Web Security Threat Report Webinar on May 9, 2007 (12 pm EST) Learn More About the Breach Webinar Series: http://www.breach.com/webinars.asp -------------- =20 > -----Original Message----- > From: Jeff Tharp [mailto:jt...@es...] > Sent: Thursday, April 19, 2007 12:52 PM > To: Ryan Barnett > Subject: RE: mod-security-users Digest, Vol 11, Issue 16 >=20 > Ryan, > Just curious, why is it that the official policy is you can only run > ModSecurity 2.x as a DSO module? I current run ModSecurity 2.0 compiled > statically into Apache 2.2 and haven't had any issues. I added the > following steps to my RPM build of Apache: >=20 > # Configure third party modules into Apache source tree > cp -R modsecurity-*/apache2 modules/security2 > cp $RPM_SOURCE_DIR/Makefile.in modules/security2/Makefile.in > cp $RPM_SOURCE_DIR/config.m4.security modules/security2/config.m4 > ./buildconf >=20 > This is in the %prep stage just before %build >=20 > I have attached the config.m4 and Makefile.in I use. >=20 > I can't take credit for this trick BTW, I'm pretty sure I got it > originally from a mailing-list post from Ivan. I've followed the same > steps for ModSecurity 2.1 and the RPM built fine, though I have yet to > begin actively test working with 2.1. >=20 > Jeff Tharp > System Administrator > ESRI - Redlands, CA > http://www.esri.com >=20 > > -----Original Message----- > > From: mod...@li... > > [mailto:mod...@li...] On > > Behalf Of mod...@li... > > Sent: Thursday, April 19, 2007 12:44 PM > > To: mod...@li... > > Subject: mod-security-users Digest, Vol 11, Issue 16 > > > > Send mod-security-users mailing list submissions to > > mod...@li... > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > or, via email, send a message with subject or body 'help' to > > mod...@li... > > > > You can reach the person managing the list at > > mod...@li... > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of mod-security-users digest..." > > > > > > Today's Topics: > > > > 1. Re: howto compile modsecurity2 into apache2statically? > > (Ryan Barnett) > > 2. Re: White List an IP from Rules (Ryan Barnett) > > 3. Re: White List an IP from Rules (Ryan Barnett) > > 4. Re: White List an IP from Rules (Russ Lavoie) > > 5. Modsecurity and Console Issue (Russ Lavoie) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Thu, 19 Apr 2007 12:47:09 -0400 > > From: "Ryan Barnett" <Ryan.Barnett@Breach.com> > > Subject: Re: [mod-security-users] howto compile modsecurity2 into > > apache2statically? > > To: "Monty Ree" <chu...@ho...>, > > <mod...@li...> > > Message-ID: > > > > <02E766F69AF6AC48B9CF52ABC0DA11E1030A3A7F@MERCEDES.utopiasystems.net> > > Content-Type: text/plain; charset=3D"us-ascii" > > > > > -----Original Message----- > > > From: mod...@li... [mailto:mod- > > > sec...@li...] On Behalf Of Monty Ree > > > Sent: Thursday, April 19, 2007 1:54 AM > > > To: mod...@li... > > > Subject: [mod-security-users] howto compile modsecurity2 into > > > apache2statically? > > > > > > Hello, all. > > > > > > I would like to install modsecurity2 with static installation with > > Apache > > > 2.x. > > > But, manual says only DSO I guess. So I can't find any > > manual related > > with > > > static installation. > > > > > > > > [Ryan Barnett] ModSecurity can currently only be compiled as a DSO > > module. The ModSecurity Migration Matrix document discusses > > this issue > > - > > http://www.modsecurity.org/documentation/ModSecurity-Migration > -Matrix.pd > > f. > > > > > > > > > > ------------------------------ > > > > Message: 2 > > Date: Thu, 19 Apr 2007 13:06:16 -0400 > > From: "Ryan Barnett" <Ryan.Barnett@Breach.com> > > Subject: Re: [mod-security-users] White List an IP from Rules > > To: "Russ Lavoie" <rl...@nc...>, "Christian Bockermann" > > <ch...@jw...> > > Cc: mod...@li... > > Message-ID: > > > > <02E766F69AF6AC48B9CF52ABC0DA11E1030A3AA5@MERCEDES.utopiasystems.net> > > Content-Type: text/plain; charset=3D"us-ascii" > > > > Russ, > > This rule should work - > > > > SecRule REMOTE_ADDR ^xxx\.xxx\.xxx\.xxx$ \ > > "phase:1,allow,nolog,ctl:ruleEngine=3DOff" > > > > One issue to consider is "where" you are placing your new custom rule. > > It needs to come before any other Core Rules (however after the > > modsecurity_crs_10_config.conf file). Please refer to this > > Blog post - > > http://www.modsecurity.org/blog/archives/2007/02/handling_false.html. > > > > -- > > Ryan C. Barnett > > ModSecurity Community Manager > > Breach Security: Director of Application Security Training > > Web Application Security Consortium (WASC) Member > > Author: Preventing Web Attacks with Apache > > > > -------------- > > Web Security Threat Report Webinar on May 9, 2007 (12 pm EST) > > Learn More About the Breach Webinar Series: > > http://www.breach.com/webinars.asp > > -------------- > > > > > > > -----Original Message----- > > > From: mod...@li... [mailto:mod- > > > sec...@li...] On Behalf Of > > Russ Lavoie > > > Sent: Thursday, April 19, 2007 8:35 AM > > > To: Christian Bockermann > > > Cc: mod...@li... > > > Subject: Re: [mod-security-users] White List an IP from Rules > > > > > > I also tried. > > > > > > SecRule REMOTE_ADDR ^xxx\.xxx\.xxx\.xx$ > > > "nolog,phase:1,ctl:ruleEngine=3DOff" > > > > > > It also results in logs. > > > > > > [Thu Apr 19 11:33:11 2007] [error] [client xxx.xxx.xxx.xxx] > > ModSecurity: > > > Warning. Operator EQ match: 0. [id "960009"] [msg "Request Missing a > > > User Agent Header"] [severity "WARNING"] [hostname > > "domain.com"] [uri > > > "/home/dir"] [unique_id "66-hp6wegU0AADfGE4EAAAAH"] > > > > > > It still logs on the rulesets. > > > > > > Thanks > > > > > > > > > > > > -----Original Message----- > > > From: Christian Bockermann [mailto:ch...@jw...] > > > Sent: Thursday, April 19, 2007 9:13 AM > > > To: Russ Lavoie > > > Cc: mod...@li... > > > Subject: Re: [mod-security-users] White List an IP from Rules > > > > > > You could turn off the rule-engine on specific request-properties > > > (as IP for example). > > > This would need to be done BEFORE any other rules are executed > > > (included in your config). > > > > > > For example > > > > > > SecRule REMOTE_ADDR ^1\.2\.3\.4$ nolog,phase:1,allow > > > > > > The alternative would be to specify "ctl:ruleEngine=3DOff" instead of > > > "allow". > > > See > > http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/ > > > html-multipage/07-actions.html > > > > > > Regards, > > > Chris > > > > > > > > > Am 19.04.2007 um 15:32 schrieb Russ Lavoie: > > > > > > > I looked through the manual and I was unable to figure out how to > > > > whitelist and IP address from *ALL* rules. > > > > > > > > For instance, I have a load balancing device that queries port 80 > > > > on my > > > > web servers, but doesn't have a User-Agent so it is alerting on > > that. > > > > How would I whitelist a ruleset to ignore the IP address. > > > > > > > > Any help would be appreciated. > > > > > > > > Thanks! > > > > > > > > > > ---------------------------------------------------------------------- > > > > > > > --- > > > > This SF.net email is sponsored by DB2 Express > > > > Download DB2 Express C - the FREE version of DB2 express and take > > > > control of your XML. No limits. Just data. Click to get it now. > > > > http://sourceforge.net/powerbar/db2/ > > > > _______________________________________________ > > > > mod-security-users mailing list > > > > mod...@li... > > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > > > > -------------------------------------------------------------- > > ---------- > > - > > > This SF.net email is sponsored by DB2 Express > > > Download DB2 Express C - the FREE version of DB2 express and take > > > control of your XML. No limits. Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > ------------------------------ > > > > Message: 3 > > Date: Thu, 19 Apr 2007 13:34:31 -0400 > > From: "Ryan Barnett" <Ryan.Barnett@Breach.com> > > Subject: Re: [mod-security-users] White List an IP from Rules > > To: "Avi Aminov" <av...@br...>, "Russ Lavoie" > > <rl...@nc...>, > > <mod...@li...> > > Message-ID: > > > > <02E766F69AF6AC48B9CF52ABC0DA11E1030A3AD6@MERCEDES.utopiasystems.net> > > Content-Type: text/plain; charset=3D"us-ascii" > > > > There are a few issues with these proposed rules. > > > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" > > > "phase:1,ctl:RuleEngine=3DOff" > > > (Replace the address with the desired address) > > > > This rule is missing a disruptive action and is most likely inheriting > > the default "deny" action. The "ctl:ruleEngine" action does not apply > > to the current rule but will take effect after the rule is > > processed for > > the remainder of the transaction. > > > > > If you want to disable only specific rules, then put the following > > rule > > > before the rule you wish to disable: > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,skip:1" > > > > You can take this approach, however it is recommended that you follow > > the process outlined in this Blog post > > (http://www.modsecurity.org/blog/archives/2007/02/handling_false.html) > > so that you minimize editing the Core Rules themselves and > > keep your own > > custom rules in separate files. > > > > > > > An even better way to do this: if, for example, you wish to > > remove the > > > rules with IDs 2,6 and 18: > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,chain" > > > SecRuleRemoveByID 2 6 18 > > > > This rule does not work as expected. The issue is that > > SecRuleRemoveById is not a rule but a directive. This would mean that > > the rule would be "chained" to the next rule, whatever that may be... > > There are development plans to have a new "ctl" action that will > > function similar to SecRuleRemoveById. > > > > I would highly recommend that you turn the debug log up when testing > > these rulesets to ensure that they are acting as expected. > > > > -- > > Ryan C. Barnett > > ModSecurity Community Manager > > Breach Security: Director of Application Security Training > > Web Application Security Consortium (WASC) Member > > Author: Preventing Web Attacks with Apache > > > > -------------- > > Web Security Threat Report Webinar on May 9, 2007 (12 pm EST) > > Learn More About the Breach Webinar Series: > > http://www.breach.com/webinars.asp > > -------------- > > > > > > > -----Original Message----- > > > From: mod...@li... [mailto:mod- > > > sec...@li...] On Behalf Of > > Avi Aminov > > > Sent: Thursday, April 19, 2007 8:47 AM > > > To: Russ Lavoie; mod...@li... > > > Subject: Re: [mod-security-users] White List an IP from Rules > > > > > > In the 3rd option, try this modified rule: > > > SecRule REMOTE_ADDR "^!172\.30\.129\.77$" "phase:1,skip:1" > > > SecRuleRemoveByID 2 6 18 > > > (Note the negation symbol '!') > > > > > > In the 1st option, I think I put an extra line break that > > shouldn't be > > > there, and Chris omitted the capital letter in RuleEngine > > (I think it > > > doesn't work without it). To clarify, here it is again: > > > SecRule REMOTE_ADDR "^172\.30\.129\.77$" > > "phase:1,ctl:RuleEngine=3DOff" > > > (all in one line) > > > > > > Avi. > > > > > > -----Original Message----- > > > From: Russ Lavoie [mailto:rl...@nc...] > > > Sent: Thursday, April 19, 2007 6:30 PM > > > To: Avi Aminov; mod...@li... > > > Subject: RE: [mod-security-users] White List an IP from Rules > > > > > > Hmm.. > > > > > > > > > I did the 3rd option and I get the following. > > > > > > /etc/init.d/httpd configtest > > > Syntax error on line 24 of > > > > > /usr/local/apache2.2.4/conf/security/rules/modsecurity_crs_20_ > protocol_v > > > iolations.conf: > > > ModSecurity: Metadata actions (id, rev, msg) can only be > > specified by > > > chain starter rules. > > > > > > So that one doesn't work out of the box. > > > > > > These are the core rules that are unmodified. So the 3rd rule is > > > conflicting with something. > > > > > > Also, I tried the first rule and it still logs and alerts > > when that IP > > > is listed. Below is the log. > > > > > > [Thu Apr 19 11:26:37 2007] [error] [client 172.30.129.77] > > ModSecurity: > > > Warning. Pattern match "^xxx\\\\.xx\\\\.xxx\\\\.xx$" at REMOTE_ADDR. > > > [hostname "www.guildwars.com"] [uri > > "/newsarchive/rss/news-current.xml"] > > > [unique_id "1CqN0KwegU0AADecBBcAAAAC"] > > > [Thu Apr 19 11:26:37 2007] [error] [client xxx.xxx.xxx.xxx] > > ModSecurity: > > > Warning. Operator EQ match: 0. [id "960009"] [msg "Request Missing a > > > User Agent Header"] [severity "WARNING"] [hostname > > "www.guildwars.com"] > > > [uri "/newsarchive/rss/news-current.xml"] [unique_id > > > "1CqN0KwegU0AADecBBcAAAAC"] > > > > > > Here is the rule I set. > > > > > > SecRule REMOTE_ADDR "^xxx\.xxx\.xxx\.xxx$" > > "phase:1,ctl:ruleEngine=3DOff" > > > > > > :( > > > > > > Thanks! > > > > > > -----Original Message----- > > > From: Avi Aminov [mailto:av...@br...] > > > Sent: Thursday, April 19, 2007 8:48 AM > > > To: Russ Lavoie > > > Subject: RE: [mod-security-users] White List an IP from Rules > > > > > > Hi Russ, > > > > > > Do you want modsecurity to allow all transactions from this > > IP without > > > checking? If that is the case, use this rule: > > > > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" > > > "phase:1,ctl:RuleEngine=3DOff" > > > (Replace the address with the desired address) > > > > > > If you want to disable only specific rules, then put the following > > rule > > > before the rule you wish to disable: > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,skip:1" > > > > > > An even better way to do this: if, for example, you wish to > > remove the > > > rules with IDs 2,6 and 18: > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,chain" > > > SecRuleRemoveByID 2 6 18 > > > > > > I hope this was helpful to you. > > > > > > Avi. > > > > > > > > > -----Original Message----- > > > From: mod...@li... > > > [mailto:mod...@li...] > > On Behalf Of > > > Russ Lavoie > > > Sent: Thursday, April 19, 2007 4:33 PM > > > To: mod...@li... > > > Subject: [mod-security-users] White List an IP from Rules > > > > > > I looked through the manual and I was unable to figure out how to > > > whitelist and IP address from *ALL* rules. > > > > > > For instance, I have a load balancing device that queries port 80 on > > my > > > web servers, but doesn't have a User-Agent so it is > > alerting on that. > > > How would I whitelist a ruleset to ignore the IP address. > > > > > > Any help would be appreciated. > > > > > > Thanks! > > > > > > > > -------------------------------------------------------------- > > ---------- > > > - > > > This SF.net email is sponsored by DB2 Express > > > Download DB2 Express C - the FREE version of DB2 express and take > > > control of your XML. No limits. Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > -------------------------------------------------------------- > > ---------- > > - > > > This SF.net email is sponsored by DB2 Express > > > Download DB2 Express C - the FREE version of DB2 express and take > > > control of your XML. No limits. Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > ------------------------------ > > > > Message: 4 > > Date: Thu, 19 Apr 2007 14:32:29 -0500 > > From: "Russ Lavoie" <rl...@nc...> > > Subject: Re: [mod-security-users] White List an IP from Rules > > To: "Avi Aminov" <av...@br...>, > > <mod...@li...> > > Message-ID: > > <A7F45D1181C13B4889DC95CB1D55F27295CADA@NCAEXCH01.ncaustin.com> > > Content-Type: text/plain; charset=3D"us-ascii" > > > > That worked :) > > > > Thanks :) > > > > > > > > -----Original Message----- > > From: Avi Aminov [mailto:av...@br...] > > Sent: Thursday, April 19, 2007 10:47 AM > > To: Russ Lavoie; mod...@li... > > Subject: RE: [mod-security-users] White List an IP from Rules > > > > In the 3rd option, try this modified rule: > > SecRule REMOTE_ADDR "^!172\.30\.129\.77$" "phase:1,skip:1" > > SecRuleRemoveByID 2 6 18 > > (Note the negation symbol '!') > > > > In the 1st option, I think I put an extra line break that shouldn't be > > there, and Chris omitted the capital letter in RuleEngine (I think it > > doesn't work without it). To clarify, here it is again: > > SecRule REMOTE_ADDR "^172\.30\.129\.77$" > > "phase:1,ctl:RuleEngine=3DOff" > > (all in one line) > > > > Avi. > > > > -----Original Message----- > > From: Russ Lavoie [mailto:rl...@nc...] > > Sent: Thursday, April 19, 2007 6:30 PM > > To: Avi Aminov; mod...@li... > > Subject: RE: [mod-security-users] White List an IP from Rules > > > > Hmm.. > > > > > > I did the 3rd option and I get the following. > > > > /etc/init.d/httpd configtest > > Syntax error on line 24 of > > /usr/local/apache2.2.4/conf/security/rules/modsecurity_crs_20_ > protocol_v > > iolations.conf: > > ModSecurity: Metadata actions (id, rev, msg) can only be specified by > > chain starter rules. > > > > So that one doesn't work out of the box. > > > > These are the core rules that are unmodified. So the 3rd rule is > > conflicting with something. > > > > Also, I tried the first rule and it still logs and alerts when that IP > > is listed. Below is the log. > > > > [Thu Apr 19 11:26:37 2007] [error] [client 172.30.129.77] ModSecurity: > > Warning. Pattern match "^xxx\\\\.xx\\\\.xxx\\\\.xx$" at REMOTE_ADDR. > > [hostname "www.guildwars.com"] [uri > > "/newsarchive/rss/news-current.xml"] > > [unique_id "1CqN0KwegU0AADecBBcAAAAC"] > > [Thu Apr 19 11:26:37 2007] [error] [client xxx.xxx.xxx.xxx] > > ModSecurity: > > Warning. Operator EQ match: 0. [id "960009"] [msg "Request Missing a > > User Agent Header"] [severity "WARNING"] [hostname > > "www.guildwars.com"] > > [uri "/newsarchive/rss/news-current.xml"] [unique_id > > "1CqN0KwegU0AADecBBcAAAAC"] > > > > Here is the rule I set. > > > > SecRule REMOTE_ADDR "^xxx\.xxx\.xxx\.xxx$" > > "phase:1,ctl:ruleEngine=3DOff" > > > > :( > > > > Thanks! > > > > -----Original Message----- > > From: Avi Aminov [mailto:av...@br...] > > Sent: Thursday, April 19, 2007 8:48 AM > > To: Russ Lavoie > > Subject: RE: [mod-security-users] White List an IP from Rules > > > > Hi Russ, > > > > Do you want modsecurity to allow all transactions from this IP without > > checking? If that is the case, use this rule: > > > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" > > "phase:1,ctl:RuleEngine=3DOff" > > (Replace the address with the desired address) > > > > If you want to disable only specific rules, then put the > > following rule > > before the rule you wish to disable: > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,skip:1" > > > > An even better way to do this: if, for example, you wish to remove the > > rules with IDs 2,6 and 18: > > SecRule REMOTE_ADDR "^192\.168\.0\.1$" "phase:1,chain" > > SecRuleRemoveByID 2 6 18 > > > > I hope this was helpful to you. > > > > Avi. > > > > > > -----Original Message----- > > From: mod...@li... > > [mailto:mod...@li...] On Behalf Of > > Russ Lavoie > > Sent: Thursday, April 19, 2007 4:33 PM > > To: mod...@li... > > Subject: [mod-security-users] White List an IP from Rules > > > > I looked through the manual and I was unable to figure out how to > > whitelist and IP address from *ALL* rules. > > > > For instance, I have a load balancing device that queries > > port 80 on my > > web servers, but doesn't have a User-Agent so it is alerting on that. > > How would I whitelist a ruleset to ignore the IP address. > > > > Any help would be appreciated. > > > > Thanks! > > > > -------------------------------------------------------------- > > ---------- > > - > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > > > ------------------------------ > > > > Message: 5 > > Date: Thu, 19 Apr 2007 14:43:34 -0500 > > From: "Russ Lavoie" <rl...@nc...> > > Subject: [mod-security-users] Modsecurity and Console Issue > > To: <mod...@li...>, "Ivan Ristic" > > <iva...@br...> > > Message-ID: > > <A7F45D1181C13B4889DC95CB1D55F27295CAE7@NCAEXCH01.ncaustin.com> > > Content-Type: text/plain; charset=3D"us-ascii" > > > > Hello All, > > > > > > > > Running apache 2.2.4 and modsecurity 2.1.1 with the core ruleset. > > > > > > > > ModSecurity Console is reporting my load balancing devices as > > the remote > > IP (private IP range). BUT, inside the alert the hit has the actual > > public IP of the person hitting the site. Is there something I can do > > here? > > > > > > > > Below is an example: > > > > > > > > This is the console hit list. > > > > > > > > 2007-04-19 > > 15:33:11 > > 172.30.35.26 (THIS IS MY LOAD BALANCING DEVICE) > > PORT: 22532 HOSTNAME: domain.com METHOD: GET URI: > > /_vti_bin/owssvr.dll > > URL file extension is restricted by policy > > > > > > > > This is inside the hit. > > > > > > > > GET = /_vti_bin/owssvr.dll?UL=3D1&ACT=3D4&BUILD=3D4518&STRMVER=3D4&CAPREQ=3D0 > > HTTP/1.1Accept: */* > > X-Vermeer-Content-Type: application/octet-stream > > Accept-Encoding: gzip, deflate > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT > > 5.1; SV1; .NET > > CLR 2.0. \ > > 50727; InfoPath.2) > > Host: domain.com > > Connection: Keep-Alive > > Cache-Control: no-cache > > Cookie: __utmc=3D45631794; > > __utma=3D45631794.777472214.1172694132.1177005191.11770101 \ > > 52.100; > > __utmz=3D45631794.1172694132.1.1.utmccn=3D(direct)|utmcsr=3D(direct) > |utmcmd=3D(n > > o \ > > ne); __utmb=3D45631794 > > NS_FORWARD: 82.9.67.163 (ACTUAL IP) > > > > > > > > Why is it reporting the wrong IP on the initial page in the console? > > This is making it pretty rough for me. > > > > > > > > Thanks! > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: not available > > Type: image/gif > > Size: 1001 bytes > > Desc: image001.gif > > > > ------------------------------ > > > > -------------------------------------------------------------- > > ----------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > > > ------------------------------ > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > > End of mod-security-users Digest, Vol 11, Issue 16 > > ************************************************** > > > > |