On Tue, Oct 29, 2013 at 5:52 PM, Daniele Gallarato <daniele.gallarato@email.it> wrote:
Hi Daniele,

What rules are you running? If you're running the OWASP Core Rule Set, try configuring the rules to use anomaly scoring mode.

Hello Josh.
Thanks for your reply.
I'm new to modsecurity, but I've installed:

ii  modsecurity-crs                      2.2.0-1                           modsecurity's Core Rule Set

 

Hi Daniele,

I would highly recommend upgrading your modsecurity version due to known security issues. What were the problems you hit when you tried to install from source? On Ubuntu you'll need to install libcurl3-dev liblua5.1-dev libxml2-dev beforehand.
 
I have

SecDefaultAction "phase:2,pass,nolog,noauditlog"



Make sure the rule 900004 is uncommented so that the tx.anomaly_score_blocking variable is enabled as well.

--
 - Josh
 

Thanks

Daniele


--
 - Josh
 
I've read many posts, I've tried different configurations, with no results.
My conf now is:

SecAuditEngine RelevantOnly

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

SecAuditLogParts ABIDEFGHZ
#SecAuditLogParts ABIJDEFHZ

SecDefaultAction "nolog,noauditlog,pass,phase:2"

SecAuditLogType Concurrent

SecAuditLogStorageDir /var/log/apache2/mlogc/data

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"


In waf-fle I can see all transactions.

My modsecurity version is:


ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                  Tighten web applications security for Apache


I've tried to install version 2.7 from source, with no luck.


Any suggestion will be appreciated.


Daniele Gallarato
______________________________________________________
Animals are my friends... and I don't eat my friends.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


