Re: [mod-security-users] mod_security status 200
From: Peter VE <xx...@im...> - 2005-11-04 12:54:52
Ok, I forgot to turn on SecFilterScanOutput

SecFilterScanOutput On
SecFilterSelective OUTPUT "was not found on this server." status:200

After enabling ScanOutput, I'm seeing "scan_pre: adding the output filter to the filter list" in the log... but it still doesn't work

any ideas ?

On Fri, 2005-11-04 at 13:26 +0000, Peter VE wrote:
> Ryan,
>
> the SecFilterSelective OUTPUT doesn't work.
> In the debug log, I'm seeing "sec_pre: output filtering is off here"
>
> I've just started setting it up
> (using mod_security for the first time)
>
> This is what I have so far :
>
> <IfModule mod_security.c>
> SecFilterEngine On
> SecFilterDefaultAction "deny,log,status:200"
> SecFilterScanPOST On
> SecFilterCheckCookieFormat Off
> SecFilterCheckURLEncoding On
> SecFilterCheckUnicodeEncoding Off
> SecFilterForceByteRange 1 255
> SecAuditEngine On
> SecAuditLog /var/log/www/modsecurity.log
> SecFilterDebugLog /var/log/www/modsecurity_debug.log
> SecFilterDebugLevel 5
> SecFilter "\.\./"
> SecFilter "favicon.ico"
> SecFilterSelective OUTPUT "was not found on this server." status:200
> SecFilter "<(.|\n)*script"
> SecFilter "<.|\n+>"
> </IfModule>
>
>
> To your point, I don't care about the 200 messages, because no regular
> users should connect to my server. I'm only using it for server to
> server communication, but in theory, it is possible that a user tries to
> connect. In that case, I'll try to fool the user while hiding/protecting
> the real information by securing the application itself
>
> I hope this makes sense
>
> thanks
>
> P