[mod-security-users] Fedora3 mod_security not working

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sir,

I have subscribed to your mod_security list but after replying to the 
confirmation, I get no notice that i can go ahead and post or welcome 
message.

My problem is that even after installing the mod_security on my Linux 
Fedora3 Apache2 system and adding your quick example to the httpd.conf 
and restarting my server, I can still do a traversal attack on my system.

http://www.paysafenet.com/?x=../../../../../../../etc/passwd

with
<IfModule mod_security.c>

   # Turn the filtering engine On or Off
   SecFilterEngine On

   # Make sure that URL encoding is valid
   SecFilterCheckURLEncoding On

   # Only allow bytes from this range
   SecFilterForceByteRange 32 126

   # The audit engine works independently and
   # can be turned On of Off on the per-server or
   # on the per-directory basis
   SecAuditEngine RelevantOnly

   # The name of the audit log file
   SecAuditLog logs/audit_log

   SecFilterDebugLog logs/modsec_debug_log
   SecFilterDebugLevel 0

   # Should mod_security inspect POST payloads
   SecFilterScanPOST On

   # Action to take by default
   SecFilterDefaultAction "deny,log,status:406"

   # Redirect user on filter match
   SecFilter xxx redirect:http://www.webkreator.com

   # Execute the external script on filter match
   SecFilter yyy log,exec:/home/ivanr/apache/bin/report-attack.pl

   # Simple filter
   SecFilter 111
      # Only check the QUERY_STRING variable
   SecFilterSelective QUERY_STRING 222

   # Only check the body of the POST request
   SecFilterSelective POST_PAYLOAD 333

   # Only check arguments (will work for GET and POST)
   SecFilterSelective ARGS 444

   # Test filter
   SecFilter "/cgi-bin/keyword"

   # Another test filter, will be denied with 404 but not logged
   # action supplied as a parameter overrides the default action
   SecFilter 999 "deny,nolog,status:404"

   # Prevent OS specific keywords
   SecFilter /etc/password

   # Prevent path traversal (..) attacks
   SecFilter "\.\./"

   # Weaker XSS protection but allows common HTML tags
   SecFilter "<( |\n)*script"

   # Prevent XSS atacks (HTML/Javascript injection)
   SecFilter "<(.|\n)+>"

   # Very crude filters to prevent SQL injection attacks
   SecFilter "delete[[:space:]]+from"
   SecFilter "insert[[:space:]]+into"
   SecFilter "select.+from"

   # Require HTTP_USER_AGENT and HTTP_HOST headers
   SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

   # Forbid file upload
   SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data

   # Only watch argument p1
   SecFilterSelective "ARG_p1" 555

   # Watch all arguments except p1
   SecFilterSelective "ARGS|!ARG_p2" 666

   # Only allow our own test utility to send requests (or Mozilla)
   SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"

   # Do not allow variables with this name
   SecFilterSelective ARGS_NAMES 777

   # Do now allow this variable value (names are ok)
   SecFilterSelective ARGS_VALUES 888

</IfModule>

can you please help me to figure out why this is not working?

Thanks,
Lonnie Cumberland