Thread: [mod-security-users] modsecurity config with Apache 1.x
Brought to you by:
victorhora,
zimmerletw
From: Forrest A. <fo...@fo...> - 2004-10-22 13:57:34
|
I've set up mod_security with Apache-1.x, configured the httpd.conf file properly, etc. But I've yet to see anything in the logs to indicate it's working. I still see: 24.126.92.237 - - [22/Oct/2004:02:09:47 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 \x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 \x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 \x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 ad nauseum Which I'm trying to block - the above looks like a worm or something, which really messed up my logfiles. Do I need to enable this per VirtualHost? The beginning of the httpd.conf directive has: <IfModule mod_security.c> # Only inspect dynamic requests # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED) SecFilterEngine DynamicOnly # Reject requests with status 403 SecFilterDefaultAction "deny,log,status:403" # Some sane defaults SecFilterScanPOST On SecFilterCheckURLEncoding On SecFilterCheckCookieFormat On SecFilterCheckUnicodeEncoding Off # Accept almost all byte values SecFilterForceByteRange 1 255 Perhaps I need to put in some specific rules for the above. But I'm surprised that, after weeks of running, nothing has been logged. Thanks. |
From: Ivan R. <iv...@we...> - 2004-10-22 14:35:24
|
Forrest Aldrich wrote: > I've set up mod_security with Apache-1.x, configured the httpd.conf file > properly, etc. But I've yet to see anything in the logs to indicate > it's working. I don't know whether it's working or not in your case but the example you gave cannot be stopped with mod_security because Apache does it first. See here for details: http://sourceforge.net/mailarchive/forum.php?thread_id=5595944&forum_id=33492 -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |