Re: [mod-security-users] mod_security status 200

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ryan,

the SecFilterSelective OUTPUT doesn't work.
In the debug log, I'm seeing  "sec_pre: output filtering is off here"

I've just started setting it up
(using mod_security for the first time)

This is what I have so far :

<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterDefaultAction "deny,log,status:200"
    SecFilterScanPOST On
    SecFilterCheckCookieFormat Off
    SecFilterCheckURLEncoding On
    SecFilterCheckUnicodeEncoding Off
    SecFilterForceByteRange 1 255
    SecAuditEngine On
    SecAuditLog /var/log/www/modsecurity.log
    SecFilterDebugLog /var/log/www/modsecurity_debug.log
    SecFilterDebugLevel 5
    SecFilter "\.\./"
    SecFilter "favicon.ico"
    SecFilterSelective OUTPUT "was not found on this server." status:200
    SecFilter "<(.|\n)*script"
    SecFilter "<.|\n+>"
</IfModule>

To your point, I don't care about the 200 messages, because no regular
users should connect to my server.  I'm only using it for server to
server communication, but in theory, it is possible that a user tries to
connect. In that case, I'll try to fool the user while hiding/protecting
the real information by securing the application itself

I hope this makes sense

thanks

P