Re: [mod-security-users] DirectAdmin Implementation not as expected
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] DirectAdmin Implementation not as expected
|
From: Felipe C. <FC...@tr...> - 2015-03-23 12:40:47
|
Hi Christopher, In your error logs, is there the exactly same phrase for SecStatusEngine On and Off? Or a different phrase? Do you mind to check if your configuration are really being loaded and/or check if those values are not being rewrite by any other configuration file? Br, Felipe “Zimmerle” Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Christopher Stanley <ch...@st...<mailto:ch...@st...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Friday, March 20, 2015 at 2:39 PM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Cc: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: [mod-security-users] DirectAdmin Implementation not as expected Hey, I just installed ModSecurity 2.8 using the Custom Scripts with DirectAdmin. I have used ModSecurity in the past with no problem. However, I am encountering something weird. When I install it and enable it I get the following output in the error_log: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/)<http://scanmail.trustwave.com/?c=4062&d=hOCM1aGdqW9GVCIsPO9chNEx-SXEq5i25bUNvZNDIA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2f%29> configured. ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1" ModSecurity: PCRE compiled version="8.20 "; loaded version="8.20 2011-10-21" ModSecurity: LIBXML compiled version="2.9.2" Status engine is currently disabled, enable it by set SecStatusEngine to On. Which is fine, (but weird, because when I Type SecStatusEngine On, the last line still exists) however when I include the experimental rule for combating slow-loris attacks normally in the past I will get an entry in the log about: Client Connection Dropped due to high # of slow DoS alerts However this is not the case when installing it with DirectAdmin, when I attack my server with a slow-loris attack I am getting the following error instead: AH00485: scoreboard is full, not at MaxRequestWorkers AH00484: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting And when I visit the page, the page times out. It's almost as if ModSecurity isn't caching it, and allowing the timeout to occur. Anyone have any ideas as to what could be causing ModSecurity to behave in this manner? Oh, and I do have mod_reqtimeout installed. Thanks, Christopher ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
