Re: [mod-security-users] Testing modsecurity
From: Chaim S. <ch...@ch...> - 2019-03-25 18:39:42
You probably don't have the rule engine in the blocking state. Generally this means changing the SecRuleEngine directive to 'On'. For more details see https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine.

Let me know if that helps.

On Mon, Mar 25, 2019 at 12:43 PM Monah Baki <mon...@gm...> wrote:

> Hi all,
>
> Testing modsecurity, if I enter the IP address of the server, I get the
> following:
>
> [Mon Mar 25 12:34:02.300806 2019] [:error] [pid 14540] [client
> 192.168.1.11:57650] [client 192.168.1.11] ModSecurity: Warning. Pattern
> match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file
> "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"]
> [line "798"] [id "920350"] [msg "Host header is a numeric IP address"]
> [data "192.168.1.2"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag
> "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag
> "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag
> "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
> "192.168.1.2"] [uri "/favicon.ico"] [unique_id "XJkC@tolWxi51pCyjt7yHwAAAAI"],
> referer: http://192.168.1.2/
>
> I created a test /etc/passwd in my root document folder, but I can still
> access the file. I read on a website this would be a simple test, am I
> missing something?
>
> Thanks
> Monah

--
Chaim Sanders
http://www.ChaimSanders.com
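An added example, not part of the original thread: a small Python parser that reads ModSecurity 2.x entries from the Apache error log and reports whether any request was actually denied or whether matches were only logged, which is the symptom described above. The second log entry, its rule id, path and client address are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in the ModSecurity 2.x Apache error-log format.
# Entry 1 is the entry quoted in the thread, abridged ([tag]/[ver] fields dropped);
# entry 2 is constructed (hypothetical rule id, path, client) to show a denial.
SAMPLE_LOG = r'''
[Mon Mar 25 12:34:02.300806 2019] [:error] [pid 14540] [client 192.168.1.11:57650] [client 192.168.1.11] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "798"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.1.2"] [severity "WARNING"] [hostname "192.168.1.2"] [uri "/favicon.ico"] [unique_id "XJkC@tolWxi51pCyjt7yHwAAAAI"]
[Mon Mar 25 12:40:00.000000 2019] [:error] [pid 1] [client 192.0.2.10:40000] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "passwd" at REQUEST_URI. [file "/constructed/local.conf"] [line "1"] [id "1000001"] [msg "Constructed blocking rule"] [severity "CRITICAL"] [hostname "example.test"] [uri "/etc/passwd"] [unique_id "CONSTRUCTED0000000000000000"]
'''

# "Warning." marks a match that was only logged; "Access denied with code N"
# marks a request the engine actually interrupted.
ACTION_RE = re.compile(r'ModSecurity: (Warning|Access denied with code (\d+))')
# Metadata fields look like [key "value"]; values may contain escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_entry(line):
    """Return a dict for one ModSecurity log line, or None for other lines."""
    action = ACTION_RE.search(line)
    if not action:
        return None
    fields = dict(FIELD_RE.findall(line))
    status = action.group(2)
    return {
        "blocked": status is not None,
        "status": int(status) if status else None,
        "id": fields.get("id"),
        "msg": fields.get("msg"),
        "uri": fields.get("uri"),
    }

def parse_log(text):
    """Parse every ModSecurity entry found in a block of error-log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def enforcement_seen(entries):
    """Summarise whether the log shows denials or only logged matches."""
    if not entries:
        return "no ModSecurity entries"
    if any(e["blocked"] for e in entries):
        return "blocking"
    return "log-only"  # matches recorded, nothing denied: check SecRuleEngine

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(e)
    print(enforcement_seen(entries))
```

A "log-only" result is a prompt to check the SecRuleEngine setting, not proof of it: rules whose action is non-disruptive also log as warnings when the engine is on.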