Dear Felipe Costa,
I have one sample rule in modsecurity.conf. Also tried with some test rules in modsecurity.conf. That itself is not working for me.
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
If that works fine, I thought of applying the core rule set.
We are facing the same issues when modsecurity 2.7.5 is compiled with IBM HTTP web server. After the module is loaded in apache.conf, the site itself is not loading. But the same is working fine with the rules for modsecurity 2.6.
It seems to me that ModSecurity was loaded successfully, as Apache is reporting in the log files; however, your rules have not been applied. Can you check with the Core Rule Set (CRS)?
On Nov 22, 2013, at 5:08 AM, Abhilash Chittathukatil04 <Abhilash_C04@infosys.com>
I have installed Modsecurity 2.7.5 properly but sample Rules are not working for me.
Following are the settings. Please let me know if any other users are experiencing these issues.
OS is RHEL6.3 and I am trying with native Apache webserver.
1. Compiled the modsecurity using configure, make, make install
2.Copied the mod_security2.so to /etc/httpd/modules/
3. Made the following entries in httpd.conf
Under the LoadModule section of httpd.conf
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
Under the IfModule section of httpd.conf
4. /etc/httpd/modsecurity/modsecurity.conf is attached herewith.
5. Restarted the httpd service and log is saying module has been loaded properly.
[Wed Nov 20 12:53:39 2013] [notice] ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/) configured.
[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Wed Nov 20 12:53:39 2013] [notice] ModSecurity: LIBXML compiled version="2.7.6"
Then tried accessing the webserver like http://<IP of machine>//?abc=../../.
But none of the sample rules are working and the audit log is not being generated. Please help.