Re: [mod-security-users] mod_security

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Borut Rozman wrote:
>  
> I recently because of day-to-day intrusions on my webserver installed
> mod-security to log this kinda stuff. I would at first stage just log
> all post-get data, but have problem, this is my config of it: 
>  
>      AddHandler application/x-httpd-php .php
>      SecAuditEngine On
>      SecAuditLog /webs/logs/audit_log
>      SecFilterScanPOST On
>      SecFilterEngine On
>       SecServerSignature "Microsoft-IIS/5.0"
>      #SecFilter "<(.|\n)+>"
>      #SecFilter "'"
>      #SecFilter "\"
>      #SecFilter ".pl"
> 
> at this config, couple of websites stop to work though i have all
> filters disabled, how can I do just logging, nothing else!

  You need to tell us more about your problem:

   Which versions of Apache and mod_security are you using?

   Is there anything interesting in the error_log, audit log,
   mod_security debug log?

   When you say "not working" - what does that mean? Do you
   get a blank screen, internal server error, does Apache
   segfault?

  Ideally you would give enough information for me to
  replicate the problem on my server, and then I could look into
  what is causing the problem.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]