Thread: [mod-security-users] mlogc not writing to console
Brought to you by:
victorhora,
zimmerletw
From: Fem R. <fem...@gm...> - 2015-01-22 15:44:46
|
Hi, I have been struggling with mlogc to work. I built modsecurity 2.7.7 on debian 7. Now mlogc is not writing to the console., but I can see the data in /var/log/mlogc/data mlogc error file is: [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to 85.159.209.7 (85.159.209.7) port 80 (#0) [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth using Basic with user 'aspis' [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT /waffle/controller HTTP/1.1 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff not fine transfer.c:1037: 0 0 [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT --47dc5277-A-- [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are completely uploaded and fine [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or later with persistent connection, pipelining supported [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 Moved Permanently [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, 22 Jan 2015 15:37:20 GMT [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: Apache/2.2.22 (Debian) [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: http://XXXXXXXX/waffle/controller/ [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: Accept-Encoding [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Content-Length: 324 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Content-Type: text/html; charset=iso-8859-1 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to host 85.159.209.7 left intact [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP response code 301: Moved Permanently [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing completed. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to server error. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown locking thread mutex. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown unlocking thread mutex. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread completed. [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: Processing What could be wrong? Femitha |
From: Winfried N. <ne...@cl...> - 2015-01-22 16:14:38
|
Hi, > [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, 22 Jan 2015 15:37:20 GMT > [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: Apache/2.2.22 (Debian) > [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: http://XXXXXXXX/waffle/controller/ > Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc sends the data to your configured WAF-FLE URL but the webserver running WAF-FLE returns a 301 instead of a 200 (or whatever mlogc is expecting). Winni > From: "Fem Rah" <fem...@gm...> > To: "mod-security-users" <mod...@li...> > Sent: Thursday, January 22, 2015 9:44:40 AM > Subject: [mod-security-users] mlogc not writing to console > Hi, > I have been struggling with mlogc to work. I built modsecurity 2.7.7 on debian > 7. > Now mlogc is not writing to the console., but I can see the data in > /var/log/mlogc/data > mlogc error file is: > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to > 85.159.209.7 (85.159.209.7) port 80 (#0) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth using > Basic with user 'aspis' > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT > /waffle/controller HTTP/1.1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff not > fine transfer.c:1037: 0 0 > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT > --47dc5277-A-- > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are completely > uploaded and fine > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or later with > persistent connection, pipelining supported > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 > Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, > 22 Jan 2015 15:37:20 GMT > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: > Apache/2.2.22 (Debian) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: > http://XXXXXXXX/waffle/controller/ > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: > Accept-Encoding > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Length: 324 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Type: text/html; charset=iso-8859-1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN <!DOCTYPE HTML > PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to host > 85.159.209.7 left intact > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with status > "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC > [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as errored > after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP response code > 301: Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing completed. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to server > error. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown locking > thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown unlocking > thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread completed. > [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: > Processing > What could be wrong? > Femitha > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
From: J. T. <jun...@gm...> - 2015-01-22 16:49:20
|
Hi When you accessing directly the endpoint http://XXXXXXXX/waffle/controller/ <http://xxxxxxxx/waffle/controller/> it shows a 302 answer. to where is it redirected when you try to reach it via browser? On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen <ne...@cl...> wrote: > Hi, > > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > HTTP/1.1 301 Moved Permanently > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Date: Thu, 22 Jan 2015 15:37:20 GMT > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Server: Apache/2.2.22 (Debian) > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Location: http://XXXXXXXX/waffle/controller/ > <http://xxxxxxxx/waffle/controller/> > > > > Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc sends > the data to your configured WAF-FLE URL but the webserver running WAF-FLE > returns > a 301 instead of a 200 (or whatever mlogc is expecting). > > Winni > > ------------------------------ > > *From: *"Fem Rah" <fem...@gm...> > *To: *"mod-security-users" <mod...@li...> > *Sent: *Thursday, January 22, 2015 9:44:40 AM > *Subject: *[mod-security-users] mlogc not writing to console > > Hi, > > I have been struggling with mlogc to work. I built modsecurity 2.7.7 on > debian 7. > > Now mlogc is not writing to the console., but I can see the data in > /var/log/mlogc/data > > mlogc error file is: > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to > 85.159.209.7 (85.159.209.7) port 80 (#0) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth > using Basic with user 'aspis' > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT > /waffle/controller HTTP/1.1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff > not fine transfer.c:1037: 0 0 > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT > --47dc5277-A-- > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are > completely uploaded and fine > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or > later with persistent connection, pipelining supported > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > HTTP/1.1 301 Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: > Thu, 22 Jan 2015 15:37:20 GMT > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Server: Apache/2.2.22 (Debian) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Location: http://XXXXXXXX/waffle/controller/ > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: > Accept-Encoding > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Length: 324 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Type: text/html; charset=iso-8859-1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN > <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to > host 85.159.209.7 left intact > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with > status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC > [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as > errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP > response code 301: Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing > completed. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to > server error. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown > locking thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown > unlocking thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread > completed. > [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: > Processing > > What could be wrong? > > Femitha > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > -- Grato, Tozo |
From: Fem R. <fem...@gm...> - 2015-01-22 17:32:05
|
When I try it from browser, I do not get a 301 error. I just get a blank page, as it does in waffle. On Thu, Jan 22, 2015 at 7:49 PM, J. Tozo <jun...@gm...> wrote: > Hi > > When you accessing directly the endpoint > http://XXXXXXXX/waffle/controller/ <http://xxxxxxxx/waffle/controller/> it > shows a 302 answer. to where is it redirected when you try to reach it via > browser? > > On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen < > ne...@cl...> wrote: > >> Hi, >> >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> HTTP/1.1 301 Moved Permanently >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Date: Thu, 22 Jan 2015 15:37:20 GMT >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Server: Apache/2.2.22 (Debian) >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Location: http://XXXXXXXX/waffle/controller/ >> <http://xxxxxxxx/waffle/controller/> >> > >> >> Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc >> sends >> the data to your configured WAF-FLE URL but the webserver running WAF-FLE >> returns >> a 301 instead of a 200 (or whatever mlogc is expecting). >> >> Winni >> >> ------------------------------ >> >> *From: *"Fem Rah" <fem...@gm...> >> *To: *"mod-security-users" <mod...@li...> >> *Sent: *Thursday, January 22, 2015 9:44:40 AM >> *Subject: *[mod-security-users] mlogc not writing to console >> >> Hi, >> >> I have been struggling with mlogc to work. I built modsecurity 2.7.7 on >> debian 7. >> >> Now mlogc is not writing to the console., but I can see the data in >> /var/log/mlogc/data >> >> mlogc error file is: >> >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to >> 85.159.209.7 (85.159.209.7) port 80 (#0) >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth >> using Basic with user 'aspis' >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT >> /waffle/controller HTTP/1.1 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional >> stuff not fine transfer.c:1037: 0 0 >> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT >> --47dc5277-A-- >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are >> completely uploaded and fine >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or >> later with persistent connection, pipelining supported >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> HTTP/1.1 301 Moved Permanently >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: >> Thu, 22 Jan 2015 15:37:20 GMT >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Server: Apache/2.2.22 (Debian) >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Location: http://XXXXXXXX/waffle/controller/ >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: >> Accept-Encoding >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Content-Length: 324 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Content-Type: text/html; charset=iso-8859-1 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN >> <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 >> to host 85.159.209.7 left intact >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with >> status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC >> [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as >> errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP >> response code 301: Moved Permanently >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing >> completed. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to >> server error. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >> locking thread mutex. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >> unlocking thread mutex. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread >> completed. >> [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: >> Processing >> >> What could be wrong? >> >> Femitha >> >> >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> >> >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> > > > -- > Grato, > > Tozo > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
From: Felipe C. <FC...@tr...> - 2015-01-22 17:56:05
|
Hi, Fem, I would recommend the utilization of the most recent version of ModSecurity, check it here: https://github.com/SpiderLabs/ModSecurity/releases Notice that the mlgoc not only sends the auditlog file but also it sends a special headers to your console, such as: - X-ForensicLog-Summary - X-Content-Hash It means that it probably won¹t work if you try to send the request without those headers (via curl or browser) ‹ you have to check that with the WAF-FLE people. Check on WAF-FLE developers to see if there is a log that contains information regarding why a particular event was not ³accepted². Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> From: "J. Tozo" <jun...@gm...> Reply-To: "mod...@li..." <mod...@li...> Date: Thursday, January 22, 2015 at 1:49 PM To: "mod...@li..." <mod...@li...> Subject: Re: [mod-security-users] mlogc not writing to console Hi When you accessing directly the endpoint http://XXXXXXXX/waffle/controller/ it shows a 302 answer. to where is it redirected when you try to reach it via browser? On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen <ne...@cl...> wrote: Hi, > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, 22 Jan 2015 15:37:20 GMT > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: Apache/2.2.22 (Debian) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: http://XXXXXXXX/waffle/controller/ > Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc sends the data to your configured WAF-FLE URL but the webserver running WAF-FLE returns a 301 instead of a 200 (or whatever mlogc is expecting). Winni ________________________________________ From: "Fem Rah" <fem...@gm...> To: "mod-security-users" <mod...@li...> Sent: Thursday, January 22, 2015 9:44:40 AM Subject: [mod-security-users] mlogc not writing to console Hi, I have been struggling with mlogc to work. I built modsecurity 2.7.7 on debian 7. Now mlogc is not writing to the console., but I can see the data in /var/log/mlogc/data mlogc error file is: [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to 85.159.209.7 (85.159.209.7) port 80 (#0) [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth using Basic with user 'aspis' [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT /waffle/controller HTTP/1.1 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff not fine transfer.c:1037: 0 0 [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT --47dc5277-A-- [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are completely uploaded and fine [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or later with persistent connection, pipelining supported [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 Moved Permanently [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, 22 Jan 2015 15:37:20 GMT [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: Apache/2.2.22 (Debian) [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: http://XXXXXXXX/waffle/controller/ <http://XXXXXXXX/waffle/controller/> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: Accept-Encoding [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Content-Length: 324 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Content-Type: text/html; charset=iso-8859-1 [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to host 85.159.209.7 left intact [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP response code 301: Moved Permanently [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing completed. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to server error. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown locking thread mutex. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown unlocking thread mutex. [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread completed. [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: Processing What could be wrong? Femitha --------------------------------------------------------------------------- --- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 ACQCE2IA&s=5&u=http%3a%2f%2fp%2esf%2enet%2fsfu%2fgigenet> _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 EFRCFhcQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2 fmod-security-users> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 NXEHg1dQ&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial %2frules%2f> http://www.modsecurity.org/projects/commercial/support/ <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 JTQnRhIA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial %2fsupport%2f> --------------------------------------------------------------------------- --- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 ACQCE2IA&s=5&u=http%3a%2f%2fp%2esf%2enet%2fsfu%2fgigenet> _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 EFRCFhcQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2 fmod-security-users> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 NXEHg1dQ&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial %2frules%2f> http://www.modsecurity.org/projects/commercial/support/ <http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 JTQnRhIA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial %2fsupport%2f> -- Grato, Tozo ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Fem R. <fem...@gm...> - 2015-01-24 18:05:25
|
Thank you so much for all your answers. Winfried, the trailing slash worked :-) Great job at solving. On Thu, Jan 22, 2015 at 8:55 PM, Felipe Costa <FC...@tr...> wrote: > Hi, > > Fem, I would recommend the utilization of the most recent version > of ModSecurity, check it here: > https://github.com/SpiderLabs/ModSecurity/releases > > > Notice that the mlgoc not only sends the auditlog file but also it > sends a special headers to your console, such as: > - X-ForensicLog-Summary > - X-Content-Hash > It means that it probably won¹t work if you try to send the request > without those headers (via curl or browser) ‹ you have to check that > with the WAF-FLE people. > > Check on WAF-FLE developers to see if there is a log that contains > information regarding why a particular event was not ³accepted². > > Br., > Felipe "Zimmerle" Costa > Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com > <http://www.trustwave.com/> > > > > > > > > From: "J. Tozo" <jun...@gm...> > Reply-To: "mod...@li..." > <mod...@li...> > Date: Thursday, January 22, 2015 at 1:49 PM > To: "mod...@li..." > <mod...@li...> > Subject: Re: [mod-security-users] mlogc not writing to console > > > Hi > > When you accessing directly the endpoint > http://XXXXXXXX/waffle/controller/ it shows a 302 answer. to where is it > redirected when you try to > reach it via browser? > > > On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen > <ne...@cl...> wrote: > > Hi, > > > > [Thu > Jan 22 18:37:20 > 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 Moved > Permanently > > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: > Thu, > 22 Jan 2015 15:37:20 > GMT > > > [Thu > Jan 22 18:37:20 > 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: Apache/2.2.22 > (Debian) > > > [Thu > Jan 22 18:37:20 > 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: > http://XXXXXXXX/waffle/controller/ > > > > Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc sends > the data to your configured WAF-FLE URL but the webserver running WAF-FLE > returns > > a 301 instead of a 200 (or whatever mlogc is expecting). > > Winni > > ________________________________________ > > From: "Fem Rah" <fem...@gm...> > To: "mod-security-users" <mod...@li...> > Sent: Thursday, January 22, 2015 9:44:40 AM > Subject: [mod-security-users] mlogc not writing to console > > > > > Hi, > > > I have been struggling with mlogc to work. I built modsecurity 2.7.7 on > debian 7. > > > Now mlogc is not writing to the console., but I can see the data in > /var/log/mlogc/data > > > mlogc error file is: > > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to > 85.159.209.7 (85.159.209.7) port 80 (#0) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth > using Basic with user 'aspis' > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT > /waffle/controller HTTP/1.1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff > not fine transfer.c:1037: 0 0 > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT > --47dc5277-A-- > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are > completely uploaded and fine > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or > later with persistent connection, pipelining supported > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > HTTP/1.1 301 Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: > Thu, 22 Jan 2015 15:37:20 GMT > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Server: Apache/2.2.22 (Debian) > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Location: > http://XXXXXXXX/waffle/controller/ <http://XXXXXXXX/waffle/controller/> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: > Accept-Encoding > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Length: 324 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > Content-Type: text/html; charset=iso-8859-1 > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN > [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN > <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to > host 85.159.209.7 left intact > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with > status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC > [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as > errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP > response code 301: Moved Permanently > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing > completed. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to > server error. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown > locking thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown > unlocking thread mutex. > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread > completed. > [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: > Processing > > > What could be wrong? > > > Femitha > > > > > --------------------------------------------------------------------------- > --- > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 > ACQCE2IA&s=5&u=http%3a%2f%2fp%2esf%2enet%2fsfu%2fgigenet> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 > EFRCFhcQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2 > fmod-security-users> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 > NXEHg1dQ&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial > %2frules%2f> > http://www.modsecurity.org/projects/commercial/support/ > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 > JTQnRhIA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial > %2fsupport%2f> > > > > > > > --------------------------------------------------------------------------- > --- > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 > ACQCE2IA&s=5&u=http%3a%2f%2fp%2esf%2enet%2fsfu%2fgigenet> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp8 > EFRCFhcQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2 > fmod-security-users> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 > NXEHg1dQ&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial > %2frules%2f> > http://www.modsecurity.org/projects/commercial/support/ > < > http://scanmail.trustwave.com/?c=4062&d=4avB1KhbU7Yif8CKqm0Us9bi7iaPTpuwp5 > JTQnRhIA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial > %2fsupport%2f> > > > > > > > > -- > Grato, > > Tozo > > > > ________________________________ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
From: Fem R. <fem...@gm...> - 2015-01-22 17:32:41
|
Could it be some curl issue? On Thu, Jan 22, 2015 at 7:49 PM, J. Tozo <jun...@gm...> wrote: > Hi > > When you accessing directly the endpoint > http://XXXXXXXX/waffle/controller/ <http://xxxxxxxx/waffle/controller/> it > shows a 302 answer. to where is it redirected when you try to reach it via > browser? > > On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen < > ne...@cl...> wrote: > >> Hi, >> >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> HTTP/1.1 301 Moved Permanently >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Date: Thu, 22 Jan 2015 15:37:20 GMT >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Server: Apache/2.2.22 (Debian) >> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Location: http://XXXXXXXX/waffle/controller/ >> <http://xxxxxxxx/waffle/controller/> >> > >> >> Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc >> sends >> the data to your configured WAF-FLE URL but the webserver running WAF-FLE >> returns >> a 301 instead of a 200 (or whatever mlogc is expecting). >> >> Winni >> >> ------------------------------ >> >> *From: *"Fem Rah" <fem...@gm...> >> *To: *"mod-security-users" <mod...@li...> >> *Sent: *Thursday, January 22, 2015 9:44:40 AM >> *Subject: *[mod-security-users] mlogc not writing to console >> >> Hi, >> >> I have been struggling with mlogc to work. I built modsecurity 2.7.7 on >> debian 7. >> >> Now mlogc is not writing to the console., but I can see the data in >> /var/log/mlogc/data >> >> mlogc error file is: >> >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to >> 85.159.209.7 (85.159.209.7) port 80 (#0) >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth >> using Basic with user 'aspis' >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT >> /waffle/controller HTTP/1.1 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional >> stuff not fine transfer.c:1037: 0 0 >> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT >> --47dc5277-A-- >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are >> completely uploaded and fine >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or >> later with persistent connection, pipelining supported >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> HTTP/1.1 301 Moved Permanently >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: >> Thu, 22 Jan 2015 15:37:20 GMT >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Server: Apache/2.2.22 (Debian) >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Location: http://XXXXXXXX/waffle/controller/ >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: >> Accept-Encoding >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Content-Length: 324 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> Content-Type: text/html; charset=iso-8859-1 >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN >> <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 >> to host 85.159.209.7 left intact >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with >> status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC >> [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as >> errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP >> response code 301: Moved Permanently >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing >> completed. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to >> server error. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >> locking thread mutex. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >> unlocking thread mutex. >> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread >> completed. >> [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: >> Processing >> >> What could be wrong? >> >> Femitha >> >> >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> >> >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> > > > -- > Grato, > > Tozo > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
From: J. T. <jun...@gm...> - 2015-01-22 17:44:07
|
301 doesnt mean error, means usually you being redirected to a ssl connection. Have you checked the logs in the webserver which waffle's running? On Thu, Jan 22, 2015 at 3:32 PM, Fem Rah <fem...@gm...> wrote: > Could it be some curl issue? > > On Thu, Jan 22, 2015 at 7:49 PM, J. Tozo <jun...@gm...> wrote: > >> Hi >> >> When you accessing directly the endpoint >> http://XXXXXXXX/waffle/controller/ <http://xxxxxxxx/waffle/controller/> it >> shows a 302 answer. to where is it redirected when you try to reach it via >> browser? >> >> On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen < >> ne...@cl...> wrote: >> >>> Hi, >>> >>> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> HTTP/1.1 301 Moved Permanently >>> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Date: Thu, 22 Jan 2015 15:37:20 GMT >>> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Server: Apache/2.2.22 (Debian) >>> > [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Location: http://XXXXXXXX/waffle/controller/ >>> <http://xxxxxxxx/waffle/controller/> >>> > >>> >>> Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc >>> sends >>> the data to your configured WAF-FLE URL but the webserver running >>> WAF-FLE returns >>> a 301 instead of a 200 (or whatever mlogc is expecting). >>> >>> Winni >>> >>> ------------------------------ >>> >>> *From: *"Fem Rah" <fem...@gm...> >>> *To: *"mod-security-users" <mod...@li...> >>> *Sent: *Thursday, January 22, 2015 9:44:40 AM >>> *Subject: *[mod-security-users] mlogc not writing to console >>> >>> Hi, >>> >>> I have been struggling with mlogc to work. I built modsecurity 2.7.7 on >>> debian 7. >>> >>> Now mlogc is not writing to the console., but I can see the data in >>> /var/log/mlogc/data >>> >>> mlogc error file is: >>> >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to >>> 85.159.209.7 (85.159.209.7) port 80 (#0) >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth >>> using Basic with user 'aspis' >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT >>> /waffle/controller HTTP/1.1 >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional >>> stuff not fine transfer.c:1037: 0 0 >>> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT >>> --47dc5277-A-- >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are >>> completely uploaded and fine >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or >>> later with persistent connection, pipelining supported >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> HTTP/1.1 301 Moved Permanently >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Date: Thu, 22 Jan 2015 15:37:20 GMT >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Server: Apache/2.2.22 (Debian) >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Location: http://XXXXXXXX/waffle/controller/ >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Vary: Accept-Encoding >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Content-Length: 324 >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> Content-Type: text/html; charset=iso-8859-1 >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN >>> <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 >>> to host 85.159.209.7 left intact >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned >>> with status "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC >>> [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as >>> errored after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP >>> response code 301: Moved Permanently >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing >>> completed. >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to >>> server error. >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >>> locking thread mutex. >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown >>> unlocking thread mutex. >>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread >>> completed. >>> [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: >>> Processing >>> >>> What could be wrong? >>> >>> Femitha >>> >>> >>> ------------------------------------------------------------------------------ >>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >>> GigeNET is offering a free month of service with a new server in Ashburn. >>> Choose from 2 high performing configs, both with 100TB of bandwidth. >>> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >>> http://p.sf.net/sfu/gigenet >>> _______________________________________________ >>> mod-security-users mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>> http://www.modsecurity.org/projects/commercial/rules/ >>> http://www.modsecurity.org/projects/commercial/support/ >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >>> GigeNET is offering a free month of service with a new server in Ashburn. >>> Choose from 2 high performing configs, both with 100TB of bandwidth. >>> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >>> http://p.sf.net/sfu/gigenet >>> _______________________________________________ >>> mod-security-users mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>> http://www.modsecurity.org/projects/commercial/rules/ >>> http://www.modsecurity.org/projects/commercial/support/ >>> >>> >> >> >> -- >> Grato, >> >> Tozo >> >> >> >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > -- Grato, Tozo |
From: Winfried N. <ne...@cl...> - 2015-01-22 17:49:18
|
No, as said it's a configuration issue. A further look even shows what's wrong: [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth using Basic with user 'aspis' [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT /waffle/controller HTTP/1.1 Your mlogc is doing a PUT request on /waffle/controller. The CURL output shows, that it is redirecting to /waffle/controller/. This matches the documentation of WAF-FLE, as it says you should point mlogc to /waffle/controller/ - so basically you are missing the trailing slash. Adding it should fix it. Winni > From: "Fem Rah" <fem...@gm...> > To: "mod-security-users" <mod...@li...> > Sent: Thursday, January 22, 2015 11:32:34 AM > Subject: Re: [mod-security-users] mlogc not writing to console > Could it be some curl issue? > On Thu, Jan 22, 2015 at 7:49 PM, J. Tozo < jun...@gm... > wrote: >> Hi >> When you accessing directly the endpoint http://XXXXXXXX/waffle/controller/ it >> shows a 302 answer. to where is it redirected when you try to reach it via >> browser? >> On Thu, Jan 22, 2015 at 2:14 PM, Winfried Neessen < ne...@cl... > >> wrote: >>> Hi, >>>> [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 >>> > 301 Moved Permanently >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, >>> > 22 Jan 2015 15:37:20 GMT >>>> [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: >>> > Apache/2.2.22 (Debian) >>>> [ Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: >>> > http://XXXXXXXX/waffle/controller/ >>> Either your mlogc configuration or your WAF-FLE setup is wrong. Mlogc sends >>> the data to your configured WAF-FLE URL but the webserver running WAF-FLE >>> returns >>> a 301 instead of a 200 (or whatever mlogc is expecting). >>> Winni >>>> From: "Fem Rah" < fem...@gm... > >>>> To: "mod-security-users" < mod...@li... > >>>> Sent: Thursday, January 22, 2015 9:44:40 AM >>>> Subject: [mod-security-users] mlogc not writing to console >>>> Hi, >>>> I have been struggling with mlogc to work. I built modsecurity 2.7.7 on debian >>>> 7. >>>> Now mlogc is not writing to the console., but I can see the data in >>>> /var/log/mlogc/data >>>> mlogc error file is: >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: connected >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connected to >>>> 85.159.209.7 (85.159.209.7) port 80 (#0) >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Server auth using >>>> Basic with user 'aspis' >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_OUT PUT >>>> /waffle/controller HTTP/1.1 >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: additional stuff not >>>> fine transfer.c:1037: 0 0 >>>> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_OUT >>>> --47dc5277-A-- >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: We are completely >>>> uploaded and fine >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HTTP 1.1 or later with >>>> persistent connection, pipelining supported >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN HTTP/1.1 301 >>>> Moved Permanently >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Date: Thu, >>>> 22 Jan 2015 15:37:20 GMT >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Server: >>>> Apache/2.2.22 (Debian) >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Location: >>>> http://XXXXXXXX/waffle/controller/ >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN Vary: >>>> Accept-Encoding >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>>> Content-Length: 324 >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>>> Content-Type: text/html; charset=iso-8859-1 >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: HEADER_IN >>>> [Thu Jan 22 18:37:20 2015] [5] [12998/7f9a49757100] CURL: DATA_IN <!DOCTYPE HTML >>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] CURL: Connection #0 to host >>>> 85.159.209.7 left intact >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Request returned with status >>>> "301 Moved Permanently": VMEYV38AAAEAADLZA58AAAAC >>>> [Thu Jan 22 18:37:20 2015] [2] [12998/7f9a49757100] Flagging server as errored >>>> after failure to submit entry VMEYV38AAAEAADLZA58AAAAC with HTTP response code >>>> 301: Moved Permanently >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Sleeping for 50 msec. >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker processing completed. >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Shutting down due to server >>>> error. >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown locking >>>> thread mutex. >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker shutdown unlocking >>>> thread mutex. >>>> [Thu Jan 22 18:37:20 2015] [4] [12998/7f9a49757100] Worker thread completed. >>>> [Thu Jan 22 18:37:25 2015] [5] [12998/7f9a49773130] Management thread: >>>> Processing >>>> What could be wrong? >>>> Femitha >>>> ------------------------------------------------------------------------------ >>>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >>>> GigeNET is offering a free month of service with a new server in Ashburn. >>>> Choose from 2 high performing configs, both with 100TB of bandwidth. >>>> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >>>> http://p.sf.net/sfu/gigenet >>>> _______________________________________________ >>>> mod-security-users mailing list >>>> mod...@li... >>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>>> http://www.modsecurity.org/projects/commercial/rules/ >>>> http://www.modsecurity.org/projects/commercial/support/ >>> ------------------------------------------------------------------------------ >>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >>> GigeNET is offering a free month of service with a new server in Ashburn. >>> Choose from 2 high performing configs, both with 100TB of bandwidth. >>> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >>> http://p.sf.net/sfu/gigenet >>> _______________________________________________ >>> mod-security-users mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>> http://www.modsecurity.org/projects/commercial/rules/ >>> http://www.modsecurity.org/projects/commercial/support/ >> -- >> Grato, >> Tozo >> ------------------------------------------------------------------------------ >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA. >> GigeNET is offering a free month of service with a new server in Ashburn. >> Choose from 2 high performing configs, both with 100TB of bandwidth. >> Higher redundancy.Lower latency.Increased capacity.Completely compliant. >> http://p.sf.net/sfu/gigenet >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |