Re: [mod-security-users] Output Filters with mod_jk2
From: Ivan R. <iv...@we...> - 2005-09-01 15:37:52
marks mlists wrote:
> Hello modsec guys,
>
> I am sure someone already used modsecurity on a webserver which is
> connecting to tomcat servers. I am running into the following problem:
>
> Having rules like SecFilterSelective OUTPUT "evilstring" is working fine
> as long as the document containing that evilstring is being served by
> apache itself or of course, via mod_proxy. But it does not work like I
> want it to with mod_jk(2).
>
> If I request a page within a context mapped by mod_jk, p.e.
> /app/evilfile containing the string, I get a successful pattern match:
> mod_security: Access denied with code 200. Pattern match "evilstring"
> at OUTPUT [uri "/app/evilfile"]

From the above log message it would appear mod_security is configured
to respond with status code 200. What happens when you use:

  SecFilterSelective OUTPUT evilstring log,deny,status:404

?

> So does someone of you have a clue what to do or where to have a look
> at? Thanks in advance.

We need to look at your configuration files and, possibly, your
debug log entries at level 9. Look here for the instructions:

http://www.modsecurity.org/documentation/support-request-checklist.html

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org