Thread: [mod-security-users] nginx+mod_security+OWASP_rules
From: Anton O. <ao...@ix...> - 2013-01-31 07:46:42
Hello ModSecurity Developers/Users.

I'm using nginx with mod_security and the OWASP rules.

nginx -V
nginx version: nginx/1.2.0
built by gcc 4.2.1 20070719 [FreeBSD]
configure arguments: --add-module=../modsecurity-apache_2.7.1/nginx/modsecurity/

Questions:

1) I have 10 sites on my nginx and cannot see in error.log the *SiteName (Full URI)* for which the rule applies:

2013/01/31 09:58:43 [info] 34380#0: [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/bonuses/cards_6.jpg"] [unique_id "12345"]

2013/01/31 10:01:16 [info] 14639#0: [client XX.XX.XX.XX ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/"] [unique_id "12345"]

2013/01/31 10:01:21 [info] 31646#0: [client XX.XX.XX.XX ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/favicon.ico"] [unique_id "12345"]

2) If I use error.log for each site, I just see records like these, without any mod_security records:

2013/01/31 10:27:05 [info] 34380#0: *147235 kevent() reported that client XX.XX.XX.XX closed keepalive connection (54: Connection reset by peer)
2013/01/31 10:27:05 [info] 34380#0: *147220 kevent() reported that client XX.XX.XX.XX closed keepalive connection (54: Connection reset by peer)
2013/01/31 10:28:00 [info] 30378#0: *147326 kevent() reported that client XX.XX.XX.XX closed keepalive connection

What should I do to see it in error.log?

--
Best regards,
Anton Onishchenko
tel. (495) 648-60-07
ao...@ix... (R)
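Added example, not part of the original post or of the ModSecurity project: a small parser for the error.log format quoted above, grouping ModSecurity denials by hostname, rule id and URI, which makes it visible that every entry carries the hostname "standalone" rather than a site name. The sample lines are constructed by shortening the ones in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines, shortened from the log format quoted in the post.
SAMPLE_LOG = """\
2013/01/31 09:58:43 [info] 34380#0: [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [tag "WASCTC/WASC-21"] [tag "PCI/6.5.10"] [hostname "standalone"] [uri "/bonuses/cards_6.jpg"] [unique_id "12345"]
2013/01/31 10:01:16 [info] 14639#0: [client XX.XX.XX.XX ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [id "960015"] [msg "Request Missing an Accept Header"] [hostname "standalone"] [uri "/"] [unique_id "12345"]
2013/01/31 10:27:05 [info] 34380#0: *147235 kevent() reported that client XX.XX.XX.XX closed keepalive connection (54: Connection reset by peer)
"""

# nginx error.log prefix: timestamp, level, worker pid.
HEADER = re.compile(r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] (?P<pid>\d+)#\d+: ')
# The closing bracket after the client address is optional: some quoted lines lack it.
CLIENT = re.compile(r'\[client (?P<client>[^\]\s]+)\]? ModSecurity: (?P<action>[^\[]*)')
# Metadata fields of the form [key "value"], allowing escaped quotes in the value.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_line(line):
    """Return a dict for a ModSecurity entry, or None for any other nginx line."""
    head = HEADER.match(line)
    body = CLIENT.search(line)
    if not head or not body:
        return None
    entry = {"ts": head["ts"], "level": head["level"], "client": body["client"],
             "action": body["action"].strip(), "tag": []}
    for key, value in FIELD.findall(line[body.end():]):
        if key == "tag":
            entry["tag"].append(value)  # "tag" repeats, so keep every value
        else:
            entry[key] = value
    return entry


def summarize(text):
    """Count ModSecurity hits per (hostname, rule id, uri)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return Counter((e.get("hostname"), e.get("id"), e.get("uri")) for e in entries)


if __name__ == "__main__":
    for (host, rule, uri), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  host={host}  rule={rule}  uri={uri}")
```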