|
From: Derek & V. <the...@gm...> - 2014-08-16 11:06:27
|
File is located inside the /opt/chroot/usr/share/php dir & even hard coded the path to the file in effort to sort this out. Will have to see about enabling mod_security logs to see if I can get mod security to tell me what its doing. On 08/15/2014 11:56 PM, Felipe Costa wrote: > Hi Derek, > > Make sure you have the file that you want to access inside the chroot > directory and your application is looking in the correct path. > > More information about SecChrootDir is available here: > https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecChrootDir > > > Br., > > *Felipe "Zimmerle" Costa* > > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > > www.trustwave.com <http://www.trustwave.com/> > > > > From: Derek Werthmuller <the...@gm... > <mailto:the...@gm...>> > Reply-To: "mod...@li... > <mailto:mod...@li...>" > <mod...@li... > <mailto:mod...@li...>> > Date: Friday, August 15, 2014 6:03 PM > To: "mod-security-d." <mod...@li... > <mailto:mod...@li...>> > Subject: [Mod-security-developers] phpcurl not working inside a apache > SecChrootDir mod_security environment > > I use mod_security to add a layer of security for my web servers. All > servers are configured with at least SecChrootDir, production edge > servers make use of the OWASP rule sets. > > We are developing new applications with Google api for php and running > into problems with this library running under our development servers > that only make use of the SecChrootDir function of mod_security. Even > have SecRuleEngine Off to see if that makes a difference. > > The particular part of the Google api library that we can't get to > work when mod_security SecChrootDir is enabled is the certificate > verification process. During this process the php process needs to > open a certificate file that is located outside the webroot. We get a > vague access denied and or file not found error for the cert file. > The permissions are set of the cert file (a public cert chain file) > so that any user on the system can read and execute the file. The > function php is using the curl to access the file. > We have verified the SElinux is not restricting access to the file, > php safe_mode, or PHP open_basedir. > Two solutions could be to: > I suspect that I could put the public cert file in a web accessible > location but then I'd need to modify the google api code, > Or link from a webroot location to the true location but prefer not > to enable links for the webserver > The version of Mod security is mod_security-2.7.3-3 apache 2.2 > Any thoughts advice? Configuration changes? > Thanks > Derek > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If > you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the > sender and destroy the material in its entirety, whether in electronic > or hard copy format. > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
