Re: [mod-security-users] Why doesn't my mod_security catch / log anything?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Why doesn't my mod_security catch / log anything?
|
From: Josh Amishav-Z. <ja...@gm...> - 2011-03-16 13:06:37
|
On Wed, Mar 16, 2011 at 2:48 PM, Emre Sevinc <emr...@gm...> wrote: > On Wed, Mar 16, 2011 at 1:28 PM, Josh Amishav-Zlatin <ja...@gm...> wrote: >> Not directly related, but it looks like you installed a really old >> version of modsecurity. > > My operating system is Ubuntu (Lucid) 10.04.2 LTS and according to > package information the installed mod-security version and > libapache-mod-security packages are: > > http://packages.ubuntu.com/lucid/mod-security-common > http://packages.ubuntu.com/lucid/libapache-mod-security > > That is version 2.5.11-1 for both of them. I installed modsecurity > from the Ubuntu repositories. Can this really be a problem? Hi Emre, 2.5.11 is fine, I misread your config snippet. > >> The most recent version is 2.5.13. Lots has >> changed, for example the SecFilter directive you use is no longer >> supported. > > Oh, I didn't know that! Thank you. How should I change it to test if > mod_security catches some requests, denies them and log this into the > relevant file? Try: SecRule REQUEST_URI "cgi-bin" deny,log,auditlog,status:500 -- - Josh |
