Re: [mod-security-users] Help (Mistake with Mod_security blocking list)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Help (Mistake with Mod_security blocking list)
|
From: Ted T. <tal...@ho...> - 2019-05-03 09:54:03
|
Hi Christian No sir, my question is based on only your tutorial. The point is that having html response does not mean it is blocked, rather it means opposite. Since in <title> you can write anything, which (403 Forbidden) is different from what you wrote as "We want to respond to such a request with HTTP status 403." <title>403 Forbidden</title> In short, we see no blocking (HTTP status 403) in <Step 7: Trying out the blockade>. https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/ Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? www.netnea.com Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? www.netnea.com ________________________________ From: Christian Folini <chr...@ne...> Sent: Friday, May 3, 2019 8:52 AM To: mod...@li... Subject: Re: [mod-security-users] Help (Mistake with Mod_security blocking list) Hi Ted, You may want to share your configuration with us so we can understand, why it is not blocking. You did add the rule to block this, did not you? Cheers, Christian On Fri, May 03, 2019 at 08:44:56AM +0000, Ted Talaiti wrote: > Hello > > In following tutorial, you wrote "access to a specific URI on the server is blocked. We want to respond to such a request with HTTP status 403." > when you try out with blockade, > > $> curl http://localhost/phpmyadmin > > It didn't block (since no such HTTP status 403), rather the access is allowed to the URI. > > https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > www.netnea.com<http://www.netnea.com> > > Please correct me if I am wrong. > Regards > > > > ________________________________ > From: Ted Talaiti <tal...@ho...> > Sent: Thursday, April 25, 2019 3:20 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi thanks for your reply. > But there is no information of exporting /importing modsecurity /CRS from server /linux to another. > Please shed some light. > Thanks a lot. > ________________________________ > From: Christian Folini <chr...@ne...> > Sent: Thursday, April 25, 2019 12:56:25 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi Ted, > > I suggest you take a peek at the detailed tutorials at > https://netnea.com/apache-tutorials > > They are meant to cover your use case. > > Best, > > Christian > > > On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > > Hello > > > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > > > Thanks a lot for your attention. > > Sincerely > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
