[mod-security-users] modsecurity and goodrot
Brought to you by:
victorhora,
zimmerletw
From: listadecorreo <lis...@sb...> - 2010-03-21 07:43:53
|
Helo, I'm using CentOS release 5.4 and modsecurity-apache_2.5.12 with reverse proxy. Mod Security work fine, but i'd like add rules of goodrot. My configuration is: Client desktop ---> reverse proxy ---> web server 192.168.100.3 192.168.100.30 192.168.100.31 CentOS 5.4 Debian Squeeze To add the rules do the following... [root@reverseproxy modsecurity]# wget http://downloads.prometheus-group.com/delayed/rules/modsec/10_asl_antimalware.conf [root@reverseproxy modsecurity]# wget http://downloads.prometheus-group.com/delayed/rules/modsec/malware-blacklist.txt [root@reverseproxy modsecurity]# mv 10_asl_antimalware.conf modsecurity_crs_18_asl_antimalware.conf [root@reverseproxy modsecurity]# touch /etc/httpd/conf/modsecurity/malware-exclusion-local.txt I add a local desktop to block, but don't work [root@reverseproxy modsecurity]# echo "192.168.100.3/" >> malware-blacklist.txt [root@reverseproxy modsecurity]# service httpd restart When I lod the web, he say: root@webserver:~# tail -f /var/log/apache2/access.log 192.168.100.30 - - [21/Mar/2010:09:15:50 +0100] "GET /error/noindex.html HTTP/1.1" 404 511 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2; es-ES; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)" If I disable the rules of gootrot, all works fine [root@reverseproxy modsecurity]# mv modsecurity_crs_18_asl_antimalware.conf /root/ [root@reverseproxy modsecurity]# service httpd restart what is the problem ? Thanks and excuseme by my poor english |