Re: [mod-security-users] modsecurity on http-https redirect on apache
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] modsecurity on http-https redirect on apache
|
From: Franz A. <fra...@gm...> - 2021-03-18 15:43:07
|
Hi Christian, i moved redirect to .htaccess file and all working fine now... Yes i think ModSec in this way filter before Apache, thanks! Franz Il giorno gio 18 mar 2021 alle ore 09:10 Christian Folini <chr...@ne...> ha scritto: > > Hey Franz, > > ModSec works in multiple phases and the redirect is relatively early. In > fact Mod_rewrite works in two phases IIRC and here it is faster than ModSec. > The rule in question runs in phase 2 and that's relatively late. > > You have 3 options: > - Forget about it. I mean who cares since the attack can not affect you due > to the redirect anyways. > - Implement the redirect in ModSecurity in ModSec phase 2 after the Core Rule > Set include. (-> custom rule) > - Move the Redirect into the VH or potentially into the container if that > is possible (have not done this in years). That might force apache to > execute it later and ModSec comes first. But you need to test this. > > Best, > > Christian > > On Thu, Mar 18, 2021 at 08:54:18AM +0100, Franz Angeli wrote: > > Hi, > > > > Sorry but i'm new on modsecurity, i've installed a Debian apache > > server with modsecurity with no custom rules for testing/learning. > > > > If i try to use: > > > > curl https://www.example.test/index.html?exec=/bin/bash > > > > all working fine with: > > > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>403 Forbidden</title> > > </head><body> > > <h1>Forbidden</h1> > > <p>You don't have permission to access this resource.</p> > > </body></html> > > > > and on modsecurity log: > > > > Message: Warning. Matched phrase "bin/bash" at ARGS:exec. [file > > "/etc/modsecurity/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] > > [line "518"] [id "932160"] [msg "Remote Command Execution: Unix Shell > > Code Found"] [data "Matched > > > > > > on the same server i've configured a simple http to https redirection > > Redirect / https://www.example.test/ > > > > with redirect the same test fail: > > > > redirects acts before modsecurity? How can i solve this? > > > > Thanks in advance > > > > Franz > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
