Hi Daniele,

I would highly recommend upgrading your modsecurity version due to known security issues. What were the problems you hit when you tried to install from source? On Ubuntu you'll need to install libcurl3-dev liblua5.1-dev libxml2-dev beforehand.

Hello Josh.
Errors are: 

configure: looking for Apache module support via DSO through APXS

configure: error: couldn't find APXS
 

Make sure the rule 900004 is uncommented so that the tx.anomaly_score_blocking variable is enabled as well.

yes is uncommented:

# If you want to use anomaly scoring mode, then uncomment this line.

#

SecAction \

  "id:'900004', \

  phase:1, \

  t:none, \

  setvar:tx.anomaly_score_blocking=on, \

  nolog, \

  pass"



But transactions are logged yet.

Thanks
Daniele


 

--
 - Josh
 

Thanks

Daniele


--
 - Josh
 
I've read many posts, I've tried different configurations, with no results.
My conf now is:

SecAuditEngine RelevantOnly

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

SecAuditLogParts ABIDEFGHZ#SecAuditLogParts ABIJDEFHZ

SecDefaultAction "nolog,noauditlog,pass,phase:2"

SecAuditLogType Concurrent

SecAuditLogStorageDir /var/log/apache2/mlogc/data

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"


Into waf-fle I can see all transactions.

My modsecurity version is:


ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                  Tighten web applications security for Apache


I've tried to install 2.7 version from source, with no luck.


Any suggestion will be appreciated.


Daniele Gallarato
______________________________________________________
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/



------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/



------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/



------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/