Re: [mod-security-users] I'm a beginner and need your help.
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] I'm a beginner and need your help.
|
From: Christian F. <chr...@ne...> - 2020-08-25 18:25:12
|
Hey Jason,
This is an apache error that is also reported in the ModSecurity Audit Log.
The original error message is in the Apache Error Log.
I suggest you disable ModSecurity for the time being and fix this
misconfiguration before you bring in ModSec again.
Regs,
Christian
On Tue, Aug 25, 2020 at 05:54:16PM +0000, Jason Long via mod-security-users wrote:
> Hello,I'm using LAMP on CentOS 8. I installed a WordPress and PhpMyadmin. I created a Virtualhost for WordPress as below:
> # cat /etc/httpd/conf.d/wp.conf <VirtualHost *:80>ServerAdmin root@localhostServerAlias www.mymy.netDocumentRoot /var/www/wordpress<Directory "/var/www/wordpress">Options Indexes FollowSymLinksAllowOverride allRequire all granted</Directory>ErrorLog /var/log/httpd/wordpress_error.logCustomLog /var/log/httpd/wordpress_access.log common</VirtualHost>
>
> I installed the Mod_security and its configuration is:
> $ cat /etc/httpd/conf.d/mod_security.conf
> <IfModule mod_security2.c># Default recommended configuration
> SecRuleEngine OnSecRequestBodyAccess OffSecRule REQUEST_HEADERS:Content-Type "text/xml" \"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"# SecRequestBodyLimit 13107200SecRequestBodyNoFilesLimit 131072
> SecRequestBodyNoFilesLimit 10000000
> SecRequestBodyInMemoryLimit 131072
> SecRequestBodyLimitAction Reject
> SecRule REQBODY_ERROR "!@eq 0" \
> "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"SecRule MULTIPART_STRICT_ERROR "!@eq 0" \"id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
> failed strict validation: \
> PE %{REQBODY_PROCESSOR_ERROR}, \
> BQ %{MULTIPART_BOUNDARY_QUOTED}, \
> BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
> DB %{MULTIPART_DATA_BEFORE}, \
> DA %{MULTIPART_DATA_AFTER}, \
> HF %{MULTIPART_HEADER_FOLDING}, \
> LF %{MULTIPART_LF_LINE}, \
> SM %{MULTIPART_MISSING_SEMICOLON}, \
> IQ %{MULTIPART_INVALID_QUOTING}, \
> IP %{MULTIPART_INVALID_PART}, \
> IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
> FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
> SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
> "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"SecPcreMatchLimit 1000
> SecPcreMatchLimitRecursion 1000
> SecRule TX:/^MSC_/ "!@streq 0" \
> "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
> SecResponseBodyAccess Off
> SecDebugLog /var/log/httpd/modsec_debug.log
> SecDebugLogLevel 0SecAuditEngine RelevantOnly
> SecAuditLogRelevantStatus "^(?:5|4(?!04))"
> SecAuditLogParts ABIJDEFHZ
> SecAuditLogType Serial
>
> SecAuditLog /var/log/httpd/modsec_audit.logSecArgumentSeparator & SecCookieFormat 0SecTmpDir /var/lib/mod_security
> SecDataDir /var/lib/mod_security
>
> # ModSecurity Core Rules Set and Local configuration
> IncludeOptional modsecurity.d/*.confIncludeOptionalmodsecurity.d/activated_rules/*.conf
>
> IncludeOptionalmodsecurity.d/local_rules/*.conf</IfModule>
>
> When I want to import database via PhpMyadmin then it show me an error:
> # cat modsec_audit.log--1b44395e-H--Apache-Error: [file "mod_autoindex.c"] [line 2329] [level 3] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php,index.php) found, and server-generated directory index forbidden by Options directiveStopwatch: 1598359137900184 2090 (- - -)Stopwatch2: 1598359137900184 2090; combined=49, p1=4, p2=35, p3=0, p4=0, p5=10, sr=0, sw=0, l=0, gc=0Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/).Server: ApacheEngine-Mode: "ENABLED"
> And also error about "MULTIPART_BOUNDARY" .
> Apache configuration is:
> <Directory /> AllowOverride none Require all denied</Directory><Directory "/var/www"> AllowOverride None # Allow open access: Require all granted</Directory>
> <Directory "/var/www/html"> Options FollowSymLinks
> AllowOverride None
> Require all granted</Directory>
> TraceEnable offServerSignature OffServerTokens ProdSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> SSLHonorCipherOrder onSSLCompression offSSLSessionTickets offTimeOut 60Header always append X-Frame-Options SAMEORIGINHeader set X-XSS-Protection "1; mode=block"Header set X-Content-Type-Options nosniffErrorDocument 500 "Oh sorry dear."FileETag MTime KeepAlive On MaxKeepAliveRequests 100 MaxConnectionsPerChild 1000 UseCanonicalName Off LimitInternalRecursion 5 LimitRequestFields 500 AcceptPathInfo OffMaxRanges 100KeepAliveTimeout 4# ModulesLoadModule reqtimeout_module modules/mod_reqtimeout.soLoadModule headers_module modules/mod_headers.soRequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
>
> Please help me to solve this problem.
> Thank you.
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
