Re: [mod-security-users] Testing modsecurity
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Testing modsecurity
|
From: Monah B. <mon...@gm...> - 2019-03-28 14:53:18
|
Got it to block IP by uncommenting in crs-setup.conf SecDefaultAction "phase:1,log,auditlog,deny,status:403" SecDefaultAction "phase:2,log,auditlog,deny,status:403" On Mon, Mar 25, 2019 at 2:42 PM Chaim Sanders <ch...@ch...> wrote: > You probably don't have the rule engine in the blocking state. Generally > this means changing the SecRuleEngine directive to 'On'. For more details > see > https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine. > Let me know if that helps. > > On Mon, Mar 25, 2019 at 12:43 PM Monah Baki <mon...@gm...> wrote: > >> Hi all, >> >> Testing modsecurity, if I enter the IP address of the server, I get the >> following: >> >> [Mon Mar 25 12:34:02.300806 2019] [:error] [pid 14540] [client >> 192.168.1.11:57650] [client 192.168.1.11] ModSecurity: Warning. Pattern >> match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file >> "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] >> [line "798"] [id "920350"] [msg "Host header is a numeric IP address"] >> [data "192.168.1.2"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag >> "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag >> "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag >> "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname >> "192.168.1.2"] [uri "/favicon.ico"] [unique_id "XJkC@tolWxi51pCyjt7yHwAAAAI"], >> referer: http://192.168.1.2/ >> >> >> I created a a test /etc/passwd in my root documentfolder, but I can still >> access the file, I read on a website this would be a simple test, am I >> missing something >> >> >> Thanks >> Monah >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> > > > -- > -- > Chaim Sanders > http://www.ChaimSanders.com > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
