[mod-security-users] apache 2.0, mod_security_v1.9RC and log performance

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

=20

I test Apache 2.0.54 with mod_security v1.9RC1.

=20

According to the book "Security Apache", with the version of Apache 2,0 =
can be measured the yield of the requests using LogIO and =
%{mod_security-time1}n.

=20

This is my configuration of Apache:

=20

LogFormat "%t \"%r\" %>s - %I %O - %{mod_security-time1}n =
%{mod_security-time2}n %{mod_security-time3}n %D" tiempo

CustomLog /logs/timer_log  tiempo

=20

This is the generate log (timer_log):

=20

[14/Oct/2005:14:07:42 +0200] "GET /cfg2html/linuxlandia.html HTTP/1.1" =
304 - 550 168 - - - - 1604

[14/Oct/2005:14:07:42 +0200] "GET /cfg2html/cfg2html_back.jpg HTTP/1.1" =
404 - 423 425 - - - - 874

[14/Oct/2005:14:07:42 +0200] "GET /cfg2html/profbull.gif HTTP/1.1" 404 - =
418 420 - - - - 526

[14/Oct/2005:14:07:46 +0200] "GET /cfg2html/linuxlandia.html HTTP/1.1" =
304 - 550 167 - - - - 631

[14/Oct/2005:14:07:46 +0200] "GET /cfg2html/cfg2html_back.jpg HTTP/1.1" =
404 - 423 425 - - - - 545

[14/Oct/2005:14:07:46 +0200] "GET /cfg2html/profbull.gif HTTP/1.1" 404 - =
418 420 - - - - 510

[14/Oct/2005:14:11:31 +0200] "GET /cfg2html/cfg2html_back.jpg HTTP/1.1" =
404 - 423 426 - - - - 1460

[14/Oct/2005:14:11:31 +0200] "GET /cfg2html/profbull.gif HTTP/1.1" 404 - =
418 421 - - - - 3872

=20

In the file of log they do not appear the data of mod_security-time1, =
mod_security-time2 and mod_security-time3.

Why it does not work? It lacks some configuration?

=20

Thanks!!

=20

This is my file mod_security.conf

<paste>

#

    SecFilterEngine DynamicOnly

=20

# Reject requests with status 403

SecFilterDefaultAction "deny,log,status:403"

=20

# Some sane defaults

=20

    SecFilterScanPOST             On

    SecFilterCheckURLEncoding     On

    SecFilterCheckCookieFormat    Off

    SecFilterCheckUnicodeEncoding Off

=20

# Rango de Caracteres ASCII aceptados

=20

    SecFilterForceByteRange       1 255

=20

# Server masking is optional

    SecServerResponseToken      Off

#    SecServerSignature          "Microsoft-IIS/5.0"

=20

    SecUploadDir       /tmp

    SecUploadKeepFiles Off

=20

# Solo audita las peticiones mas relevantes

=20

    SecAuditEngine RelevantOnly

    SecAuditLog    logs/modsecurity.log

=20

# Salida debug en un log

=20

    SecFilterDebugLevel 0

    SecFilterDebugLog   logs/modsec_debug_log

=20

# Only accept request encodings we know how to handle we exclude GET =
requests from

# from this because some (automated) clients supply "text/html" as =
Content-Type

#

    SecFilterSelective REQUEST_METHOD "!^GET$" chain

    SecFilterSelective HTTP_Content-Type =
"!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

=20

# Require Content-Length to be provided withi every POST request

#

    SecFilterSelective REQUEST_METHOD "^POST$" chain

    SecFilterSelective HTTP_Content-Length "^$"

=20

# Don't accept transfer encodings we know we don't handle (and you don't =
need it anyway)

#

    SecFilterSelective HTTP_Transfer-Encoding "!^$"

=20

# Prevenir ataques via QueryString que desea llamar a PERL

#

    SecFilterSelective QUERY_STRING perl

=20

# Prevenir LWP::Simple user agents from requesting files

#

    SecFilterSelective HTTP_USER_AGENT lwp

</paste>

=20

=20

=20

Tom=E1s Hidalgo Salvador

thi...@te...

Dpto. Sistemas Unix

Tlf.: 2333

DSF Almariya

=20