[mod-security-users] I'm a beginner and need your help.
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] I'm a beginner and need your help.
|
From: Jason L. <hac...@ya...> - 2020-08-25 17:54:35
|
Hello,I'm using LAMP on CentOS 8. I installed a WordPress and PhpMyadmin. I created a Virtualhost for WordPress as below:
# cat /etc/httpd/conf.d/wp.conf <VirtualHost *:80>ServerAdmin root@localhostServerAlias www.mymy.netDocumentRoot /var/www/wordpress<Directory "/var/www/wordpress">Options Indexes FollowSymLinksAllowOverride allRequire all granted</Directory>ErrorLog /var/log/httpd/wordpress_error.logCustomLog /var/log/httpd/wordpress_access.log common</VirtualHost>
I installed the Mod_security and its configuration is:
$ cat /etc/httpd/conf.d/mod_security.conf
<IfModule mod_security2.c># Default recommended configuration
SecRuleEngine OnSecRequestBodyAccess OffSecRule REQUEST_HEADERS:Content-Type "text/xml" \"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"# SecRequestBodyLimit 13107200SecRequestBodyNoFilesLimit 131072
SecRequestBodyNoFilesLimit 10000000
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"SecRule MULTIPART_STRICT_ERROR "!@eq 0" \"id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess Off
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/httpd/modsec_audit.logSecArgumentSeparator & SecCookieFormat 0SecTmpDir /var/lib/mod_security
SecDataDir /var/lib/mod_security
# ModSecurity Core Rules Set and Local configuration
IncludeOptional modsecurity.d/*.confIncludeOptionalmodsecurity.d/activated_rules/*.conf
IncludeOptionalmodsecurity.d/local_rules/*.conf</IfModule>
When I want to import database via PhpMyadmin then it show me an error:
# cat modsec_audit.log--1b44395e-H--Apache-Error: [file "mod_autoindex.c"] [line 2329] [level 3] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php,index.php) found, and server-generated directory index forbidden by Options directiveStopwatch: 1598359137900184 2090 (- - -)Stopwatch2: 1598359137900184 2090; combined=49, p1=4, p2=35, p3=0, p4=0, p5=10, sr=0, sw=0, l=0, gc=0Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/).Server: ApacheEngine-Mode: "ENABLED"
And also error about "MULTIPART_BOUNDARY" .
Apache configuration is:
<Directory /> AllowOverride none Require all denied</Directory><Directory "/var/www"> AllowOverride None # Allow open access: Require all granted</Directory>
<Directory "/var/www/html"> Options FollowSymLinks
AllowOverride None
Require all granted</Directory>
TraceEnable offServerSignature OffServerTokens ProdSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder onSSLCompression offSSLSessionTickets offTimeOut 60Header always append X-Frame-Options SAMEORIGINHeader set X-XSS-Protection "1; mode=block"Header set X-Content-Type-Options nosniffErrorDocument 500 "Oh sorry dear."FileETag MTime KeepAlive On MaxKeepAliveRequests 100 MaxConnectionsPerChild 1000 UseCanonicalName Off LimitInternalRecursion 5 LimitRequestFields 500 AcceptPathInfo OffMaxRanges 100KeepAliveTimeout 4# ModulesLoadModule reqtimeout_module modules/mod_reqtimeout.soLoadModule headers_module modules/mod_headers.soRequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
Please help me to solve this problem.
Thank you.
|
