Re: [mod-security-users] args ignored in POST - filter question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] args ignored in POST - filter question
|
From: Stephen C. E. <ste...@gm...> - 2008-07-01 16:01:53
|
Hi Kamil,
The best way to solve your problem is to enable debugging, crank it up
to top level:
SecDebugLog /etc/modsecurity/logs/modsec_debug.log
SecDebugLogLevel 9
Go to the page that's causing the problem.
Restart Apache.
Clear your browser cache; reload the page.
Examine the debug file. It won't be very big. You'll see exactly
what's going on.
Whenever debugging, it's best to have only the minimal amount in the
debug file as it can get large quickly. In Linux, just erase the debug
log file ('rm -f ...') and create a new blank one ('touch ...'), then
restart Apache and reproduce the problem.
Stephen
On Tue, Jul 1, 2008 at 10:28 PM, <Kam...@bd...> wrote:
> Hi,
> I have modsecurity 2.2.5 with apache 2.2.3 in reverse proxy setup. I
> can create rules for arguments passed directly in URL but my rules are
> not triggered by argument sent by post.
>
> The following rules works well for URL in format
> https://server.com/path_to_file/file.with.dots sent by GET/POST methods
> with argument, ie.
> https://server.com/path_to_file/file.with.dots?lng=foo.
> But once I send the argument in body of request, it is not detected on
> server. I tried to play with phase:1, phase:2 in rules but I it gave the
>
> same result. I tried also REQUEST_BODY without success. It seems my
> proxy ignore the body of the request. What do I wrong?
>
> Thanks
>
> Kamil
>
>
> My config:
> ----------------
> ProxyRequests Off
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPreserveHost on
> ProxyPass /path123/ http://127.0.0.3:8080/path123/
>
> SecRuleEngine On
> SecRequestBodyAccess On
> SecResponseBodyAccess Off
> SecRequestBodyInMemoryLimit 131072
> SecRequestBodyLimit 131072
>
> SecDefaultAction "phase:2,log,auditlog,deny,status:500"
>
> SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \
> "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments
> ARGS_NAMES=%{ARGS_NAMES}'"
> SecRule ARGS_NAMES "!^(call|page|session)$"
>
> SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \
> "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments
> ARGS_NAMES=%{ARGS_NAMES}'"
> SecRule ARGS:lng "!^(cz|en)$"
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
|
