Re: [mod-security-users] mod_security status 200
From: Peter VE <xx...@im...> - 2005-11-04 12:54:52
Ok, I forgot to turn on SecFilterScanOutput:

SecFilterScanOutput On
SecFilterSelective OUTPUT "was not found on this server." status:200

After enabling ScanOutput, I'm seeing "scan_pre: adding the output
filter to the filter list" in the log... but it still doesn't work.
Any ideas?

On Fri, 2005-11-04 at 13:26 +0000, Peter VE wrote:
> Ryan,
>
> The SecFilterSelective OUTPUT doesn't work.
> In the debug log, I'm seeing "sec_pre: output filtering is off here"
>
> I've just started setting it up
> (using mod_security for the first time)
>
> This is what I have so far:
>
> <IfModule mod_security.c>
> SecFilterEngine On
> SecFilterDefaultAction "deny,log,status:200"
> SecFilterScanPOST On
> SecFilterCheckCookieFormat Off
> SecFilterCheckURLEncoding On
> SecFilterCheckUnicodeEncoding Off
> SecFilterForceByteRange 1 255
> SecAuditEngine On
> SecAuditLog /var/log/www/modsecurity.log
> SecFilterDebugLog /var/log/www/modsecurity_debug.log
> SecFilterDebugLevel 5
> SecFilter "\.\./"
> SecFilter "favicon.ico"
> SecFilterSelective OUTPUT "was not found on this server." status:200
> SecFilter "<(.|\n)*script"
> SecFilter "<.|\n+>"
> </IfModule>
>
>
> To your point, I don't care about the 200 messages, because no regular
> users should connect to my server. I'm only using it for server to
> server communication, but in theory, it is possible that a user tries to
> connect. In that case, I'll try to fool the user while hiding/protecting
> the real information by securing the application itself.
>
> I hope this makes sense.
>
> thanks
>
> P