Re: [mod-security-users] Issue with ModSecurity and my proxy
From: Felipe C. <FC...@tr...> - 2019-02-05 17:15:50
Hi,

ModSecurity uses libCurl to download the rules. If it works with the command line `curl', it is likely to work with the library as well.

Make sure that the proxy variable is also set for your httpd user. During the startup process, Apache may change users, losing the environment variables that you have set in your console.

Br.,
Felipe "Zimmerle" Costa
Security Researcher, Lead Developer ModSecurity

________________________________
From: service maintenanceinfotel <ser...@ms...>
Sent: Monday, February 4, 2019 3:10:47 PM
To: mod...@li...
Cc: FONTVIELLE Thibault; Ben...@co...; Mic...@co...
Subject: [mod-security-users] Issue with ModSecurity and my proxy

Hello Community,

Here's my problem:

The server where I have to install ModSecurity must pass by a proxy server to join internet.

Therefore, I configure this on my debian:

export http_proxy=http://myproxy.com:8080
export https_proxy=http://myproxy.com:8080

Then, ModSecurity has to download the https://dashboard.modsecurity.org/rules/download/plain

Here's what happens on my WAF server when I reload apache2:
[image001.jpg]
We have a TCP RETRANSMISSION

But when I try to wget on this link, it works:
[image002.jpg]
It takes into account my export http_proxy from before

And if I try this wget on my proxy server, of course it works:
[image003.jpg]
My proxy doesn't block the link

When I reload apache and tshark the 443 on my proxy, I don't see anything: no accept, no reject etc… There's nothing between my proxy and my WAF.

My theory is that ModSecurity does not take into account the proxy rules I've set on my debian OS.

So, if you don't see any other source about my problem, my main question is:

How to force ModSecurity to pass by my proxy to download and synchronize the rules?

Thank you for your help

Regards,
BC
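To check the reply's point about the httpd user's environment, the following added example (not part of the original thread, and not ModSecurity code) reads the environment of the running processes from /proc and lists the proxy variables they actually hold. It assumes Linux with /proc, the procps tools, root privileges, and the process name apache2 used on Debian; the script name check_proxy_env.sh is hypothetical.

```shell
#!/bin/sh
# Added example: show which proxy variables a running daemon really has.
# /proc/<pid>/environ is the NUL-separated environment the process was
# started with, which can differ from the shell where `export` was typed.
# Assumptions: Linux /proc, procps pgrep/ps, run as root.

# proxy_vars FILE: print proxy variables found in an environ-format file,
# one per line, masking any user:password embedded in the proxy URL.
proxy_vars() {
    tr '\000' '\n' < "$1" |
        { grep -iE '^(http|https|all|no)_proxy=' || true; } |
        sed -E 's#(://)[^/@]*@#\1***@#'
}

# has_var FILE NAME: succeed if NAME is set to a non-empty value.
has_var() {
    tr '\000' '\n' < "$1" | grep -qE "^$2=.+"
}

# check_pid PID: report one process; non-zero if it has no HTTPS proxy.
check_pid() {
    env_file="/proc/$1/environ"
    if [ ! -r "$env_file" ]; then
        echo "pid $1: cannot read $env_file"; return 2
    fi
    echo "pid $1 (user $(ps -o user= -p "$1")):"
    proxy_vars "$env_file" | sed 's/^/  /'
    # libcurl picks the proxy for an https:// URL from https_proxy or
    # HTTPS_PROXY (falling back to all_proxy / ALL_PROXY).
    has_var "$env_file" https_proxy || has_var "$env_file" HTTPS_PROXY ||
        has_var "$env_file" all_proxy || has_var "$env_file" ALL_PROXY
}

# Usage: sh check_proxy_env.sh apache2   (apache2 = Debian's httpd name)
if [ "$#" -gt 0 ]; then
    for pid in $(pgrep -x "$1"); do
        check_pid "$pid" || echo "  -> no proxy for https:// URLs here"
    done
fi
```

On Debian, apache2ctl sources /etc/apache2/envvars, so proxy exports placed there are inherited by the daemon after a restart.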