|
From: Christian F. <chr...@ne...> - 2018-12-05 05:00:26
|
Hey Mike, Now should there be any log/error messages? Do you have any rules installed at all? Also: The messages that you sent show an incompatibility problem with APR and PCRE. This is an issue and you should fix it. Feeling lost, you may want to turn to the tutorials at https://netnea.com/apache-tutorials/ They provide you with a step by step introduction to ModSecurity. You do not need to follow the self-compilation approach of the tutorials. But the first examples will at least tell you what to expect in the log files. Good luck, Christian On Wed, Dec 05, 2018 at 12:32:06PM +0800, Mike Lieberman wrote: > I have an apache2 install and have had three virtual hosts running on the > site successfully for other three years. > > I installed modsecurity on Linux Mint 18.3.. > > THERE ARE NO error messages. > > > > my@FamilyServer /var/log/apache2 # apachectl -M | grep --color security > > security2_module (shared) > > > > The mode security log shows no errors. > > > > The apache2 error log does show an error, but I had read it is not a > problem. See log snippet below in this email. > > There are three virtual host config files... identical in sites-available > and sites allowed. > > http requests for all three URLs "work," by that there are no error > messages, no 403 or 404. > > Typing the URL's for two result in correct results. > > Typing in the URL for the third displays one of the other sites. This NEVER > HAPPENED until modsecurity was installed. > > > > I am lost and don't even know where to look. > > > > [Wed Dec 05 11:31:38.000649 2018] [:notice] [pid 6194] ModSecurity for > Apache/2.9.0 (http://www.modsecurity.org/) configured. > > [Wed Dec 05 11:31:38.000852 2018] [:notice] [pid 6194] ModSecurity: APR > compiled version="1.5.1"; loaded version="1.5.2" > > [Wed Dec 05 11:31:38.000864 2018] [:warn] [pid 6194] ModSecurity: Loaded APR > do not match with compiled! > > [Wed Dec 05 11:31:38.000876 2018] [:notice] [pid 6194] ModSecurity: PCRE > compiled version="8.35 "; loaded version="8.41 2017-07-05" > > [Wed Dec 05 11:31:38.000901 2018] [:warn] [pid 6194] ModSecurity: Loaded > PCRE do not match with compiled! > > [Wed Dec 05 11:31:38.000910 2018] [:notice] [pid 6194] ModSecurity: LUA > compiled version="Lua 5.1" > > [Wed Dec 05 11:31:38.000919 2018] [:notice] [pid 6194] ModSecurity: YAJL > compiled version="2.1.0" > > [Wed Dec 05 11:31:38.000928 2018] [:notice] [pid 6194] ModSecurity: LIBXML > compiled version="2.9.2" > > [Wed Dec 05 11:31:38.001043 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call: "2.9.0,Apache/2.4.18 (Ubuntu),1.5.1/1.5.2,8.35/8.41 > 2017-07-05,Lua 5.1,2.9.2,139cd0575fbb1eb666d44f3080f7c68a40ce8da9" > > [Wed Dec 05 11:31:38.238158 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call successfully sent. For more information visit: > http://status.modsecurity.org/ > > [Wed Dec 05 11:31:39.010423 2018] [mpm_prefork:notice] [pid 6195] AH00163: > Apache/2.4.18 (Ubuntu) configured -- resuming normal operations > > [Wed Dec 05 11:31:39.010518 2018] [core:notice] [pid 6195] AH00094: Command > line: '/usr/sbin/apache2' > > > > Here are the contents of the two virtual host files which are at issues. > > > > <VirtualHost www.gensanexpat.org:80> > > ServerAdmin mi...@ne... > > ServerName www.gensanexpat.org > > NameVirtualHost www.gensanexpat.org > > ServerAlias gensanexpat.org > > DocumentRoot /var/www/html/gensan > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/gensan.log combined > > </VirtualHost> > > > > <VirtualHost www.netwright.net:80> > > ServerAdmin mi...@ne... > > ServerName www.netwright.net > > NameVirtualHost www.netwright.net > > ServerAlias netwright.net > > DocumentRoot /var/www/html > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/nw.log combined > > </VirtualHost> > > > > AND here is the contents of the nw.log file! > > my@FamilyServer /var/log/apache2 # cat nw.log > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET / HTTP/1.1" 200 967 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 476 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT > 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 > Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET / HTTP/1.1" 200 966 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 475 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT > 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 > Safari/537.36" > > > > =========================== > > Michael "Mike" Lieberman | <http://lieberman.blog.netwright.net:7080/> Blog > > Purok 13, Morales Subd. > Brgy Mabuhay, General Santos City, 9500 Philippines > <https://map.what3words.com/overexposed.pedestals.rakes> See MAP > > Cell: <tel:%2B63%20%28917%29%20358-1442> +63 (917) 311-0674 (Voice and > Text) > LandLine: <tel:%2B63%20%2883%29%20552-1153> +63 (083) 887-2154 (Voice > Only) > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
