Re: [mod-security-users] Why doesn't my mod_security catch / log anything?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Why doesn't my mod_security catch / log anything?
|
From: Ryan B. <RBa...@tr...> - 2011-03-16 13:07:26
|
On 3/16/11 8:48 AM, "Emre Sevinc" <emr...@gm...> wrote: >On Wed, Mar 16, 2011 at 1:28 PM, Josh Amishav-Zlatin <ja...@gm...> >wrote: >> Not directly related, but it looks like you installed a really old >> version of modsecurity. > >My operating system is Ubuntu (Lucid) 10.04.2 LTS and according to >package information the installed mod-security version and >libapache-mod-security packages are: > > http://packages.ubuntu.com/lucid/mod-security-common > http://packages.ubuntu.com/lucid/libapache-mod-security > >That is version 2.5.11-1 for both of them. I installed modsecurity >from the Ubuntu repositories. Can this really be a problem? > >> The most recent version is 2.5.13. Lots has >> changed, for example the SecFilter directive you use is no longer >> supported. > >Oh, I didn't know that! https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=FAQ#How _do_I_migrate_my_rules_from_the_ModSecurity_1.x_format_into_the_2.x_format. 3F >Thank you. How should I change it to test if >mod_security catches some requests, denies them and log this into the >relevant file? Here is an example attack request sent to the CRS demo page that triggers a bunch of alerts - http://www.modsecurity.org/demo/phpids?test=%3Cscript%3Ealert%28document.co okie%29%3C%2Fscript%3E You can send this same URL to your host and it should generate some alerts. -Ryan |
