Are your custom rules using phase 1? If they are using phase 2, then Apache is probably denying it in an earlier hook.
On Sep 26, 2010, at 5:26 AM, "R.A. Imhoff" <li...@fl...> wrote:
> I'm running a server with Apache 2.2 under Ubuntu 10.04, using Virtualmin to manage the virtual servers hosted on it, with Mod_Security 2.5.11-1 installed.
> The machine has multiple IPs, and each virtual host uses only one IP. Hence Apache routes requests to a virtual server even when the host name is missing.
> The strange behavior is when a request comes in without host name, Apache lists an error in the log for the particular virtual host, for example:
>
>> client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
>
> But there is a mod-sec rule in place that is supposed to blacklist any IP requesting "w00tw00t" (to block this known probe).
> The rule works as expected for requests with a host name, but Mod_Security seems not to see or handle the request when it comes in via the default path, as if none of the directives were taken into account when the host name is missing, yet the request is handled by the virtual server in spite of this.
>
> I tried adding the same rule (with a different ID), in the httpd.conf, in the "etc/apache2/sites-available/default" and in the conf file for the given virtual host, but none catch it when the request comes without host name.
>
> This seems to be more a problem with my Apache configuration than with Mod_Security, but I was wondering if there is any way to instruct Apache not to respond at all to requests where the hostname doesn't match the "ServerName" defined in each virtual host's conf?
>
> Otherwise it is rather disconcerting that requests without host name get handled unfiltered ...
>
> Many thanks in advance for any input!
> Robert
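The error-log message quoted in the thread can itself be used to find the clients sending these host-less probes, whether or not a ModSecurity rule fired. The following is an added example, not part of the original thread: it assumes the default Apache 2.2 error-log prefix (`[timestamp] [level] [client IP]`), and the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

# Assumed Apache 2.2 error_log shape: [timestamp] [level] [client IP] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[^\]]+)\] "
    r"client sent HTTP/1\.1 request without hostname "
    r"\(see RFC2616 section 14\.23\): (?P<uri>.*)$"
)

PROBE_MARKER = "w00tw00t"  # the string the poster's rule matches on

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE_LOG = """\
[Sun Sep 26 05:20:01 2010] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Sep 26 05:20:07 2010] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Sun Sep 26 05:21:13 2010] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Sep 26 05:25:40 2010] [error] [client 203.0.113.5] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
"""


def hostless_requests(log_text):
    """Return (ip, uri) for every 'request without hostname' error line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append((m.group("ip"), m.group("uri")))
    return hits


def probe_sources(log_text, marker=PROBE_MARKER):
    """Count host-less requests per client IP whose URI contains the marker."""
    return Counter(ip for ip, uri in hostless_requests(log_text) if marker in uri)


if __name__ == "__main__":
    # Print one line per source IP, most frequent first.
    for ip, count in probe_sources(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count}")
```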