|
From: Nico H. <nic...@in...> - 2013-06-28 10:27:00
|
<html><head></head><body bgcolor="" style=""><p>Disabling that rule might not help fully, earlier i used to comment those rules, but later realised the importance of it and enabled them back.</p> <p> </p> <p>At 28 Jun 2013 09:34:30 +0000 (UTC) from "Jose Pablo Valcárcel Lázaro" <pab...@gm...>:</p> <blockquote style="margin-left: 10px; padding-left: 10px; border-left: 3px solid #FF6633;" cite="mid:2013774409.98117.1372414285484.JavaMail.tomcat@be02"> <div>Hi Nico. <div>I´m not too pretty sure of how to do it but you can search in your mod_security audit/debug logs for the uniq_id and you will be able to find the mod_security rule number. With that info you could disable that rule on the mod_security rules.</div> <div>I´ll hope this will help you.</div> <div>Regards,</div> </div> <div class="gmail_extra"><br /><br /> <div class="gmail_quote">2013/6/28 Nico Hulkenberg <span><<a href="mailto:nic...@in..." target="_blank">nic...@in...</a>></span><br /> <blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1.0px #cccccc solid; padding-left: 1.0ex;"> <div> <p>Team now i am getting constantly these error msgs updated in both error log and modsec, where in wanted to avoid it appending in all and restrict it to assigned file alone.</p> <p>This kind of update is confusing me to look for apache related error logs</p> <p>Example apache error log</p> <p>[Fri Jun 28 10:55:21 2013] [error] [client 103.21.76.34] ModSecurity: Phase 5 [hostname "<a href="http://www.mydomain.com" target="_blank">www.mydomain.com</a>"] [uri "/index.php/network_routes"] [unique_id "Uc0eQcCoErUAAG31O80AAAAu"]<br /> [Fri Jun 28 10:55:21 2013] [error] [client 182.72.66.10] ModSecurity: Phase 5 [hostname "<a href="http://www.mydomain.com" target="_blank">www.mydomain.com</a>"] [uri "/index.php/network_routes"] [unique_id "Uc0eQcCoErUAAGLazXwAAAAW"]<br /> [Fri Jun 28 10:55:21 2013] [error] [client 115.114.52.1] ModSecurity: Phase 5 [hostname "<a href="http://www.mydomain.com" target="_blank">www.mydomain.com</a>"] [uri "/apx/mmtx/server.php"] [unique_id "Uc0eQcCoErUAAGJDZu4AAABf"]</p> <p>Modsec version : 2.7</p> <p>apache 2.2.3</p> <p>Enviornment : Linux 2.6.32</p> <p>Also wanted to completely switch off the mlogc, could that be possible.</p> <p> </p> <p>Nic</p> </div> <br />------------------------------------------------------------------------------<br /> This SF.net email is sponsored by Windows:<br /> <br /> Build for Windows Store.<br /> <br /> <a href="http://p.sf.net/sfu/windows-dev2dev" target="_blank">http://p.sf.net/sfu/windows-dev2dev</a><br />_______________________________________________<br /> mod-security-users mailing list<br /> <a href="mailto:mod...@li..." target="_blank">mod...@li...</a><br /> <a href="https://lists.sourceforge.net/lists/listinfo/mod-security-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a><br /> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:<br /> <a href="http://www.modsecurity.org/projects/commercial/rules/" target="_blank">http://www.modsecurity.org/projects/commercial/rules/</a><br /> <a href="http://www.modsecurity.org/projects/commercial/support/" target="_blank">http://www.modsecurity.org/projects/commercial/support/</a></blockquote> </div> </div> </blockquote></body></html> |
