Re: [mod-security-users] (no subject)
From: MARTIN, J. (ATTSI) <JM...@at...> - 2010-10-04 20:31:55
Could running mod_security be causing your system to run out of memory? That is the only way I can think of for it to cause the listed behavior.

-Jason Martin

---------
From: TO...@we... [mailto:TO...@we...]
Sent: Saturday, October 02, 2010 1:23 AM
To: mod...@li...
Subject: [mod-security-users] (no subject)

Hello

I have installed mod security on my Apache webserver. After that I tested whether mod security works fine. So I tried this to simulate an injection. When I try this my webserver is unreachable. My HTTP and SSH sessions to the webserver are closed and I have to reboot the webserver.

So what happened? I have no idea.

This is what the log says:

--b2e4d027-F--
HTTP/1.1 501 Method Not Implemented
Allow: TRACE
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 239
Connection: close
Content-Type: text/html; charset=iso-8859-1

--b2e4d027-H--
Message: Access denied with code 501 (phase 2). Pattern match "(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'"\|\;\`\-\s]|$))" at ARGS:a. [file "/etc/apache2/rulesets/modsecurity_crs_40_generic_attacks.conf"] [line "144"] [id "950907"] [msg "System Command Injection"] [data "wget"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"]
Action: Intercepted (phase 2)
Stopwatch: 1285937680234156 80961 (41534 80080 -)
Producer: ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/); core ruleset/1.6.1.

-b2e4d027-Z--

144 "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB _ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"

Can you help me?

Sorry for my very bad English. I hope I can explain my problem!

Thank you for your help

sxx128