[mod-security-users] mod_security causing Apache 1.3.33 to hang
From: Servedio, A. (Matrix) <All...@ic...> - 2006-01-11 18:35:02
Hi,
I am new to using mod_security so there is a high probability that I messed
something up with my configuration. But, I am able to get Apache to hang
(consistently) while using mod_security by posting the form below (it is
from a security scanning tool, in case the values look fishy :-) ). I would
appreciate any insight as to what is causing this to hang. If I remove
mod_security the same request passes through just fine.
Here are the particulars of my installation:
Solaris (release 5.8)
Apache 1.3.33 (mod_ssl [2.8.22] OpenSSL [0.9.6m])
Mod_security (tried both 1.9.1 and 1.9.2-rc3)
*** MOD_SECURITY.CONF file ***
<IfModule mod_security.c>
SecFilterEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,redirect:/"
SecFilterSignatureAction "deny,log,redirect:/"
SecFilter "<[[:space:]]*script" id:1001
SecFilter "<(.|\n)+>" id:1002
SecFilterSignatureAction deny,log,redirect:/h/d/pc/1/en/removecookies
SecFilterSelective HTTP_Cookie "<[[:space:]]*script" id:1003
SecFilterSelective HTTP_Cookie "<[[:space:]]*img" id:1004
SecFilterSelective HTTP_Cookie "<[[:space:]]*iframe" id:1005
SecFilterSelective HTTP_Cookie "<[[:space:]]*frame" id:1006
SecFilterSelective HTTP_Cookie "<[[:space:]]*object" id:1007
SecFilterSelective HTTP_Cookie "<[[:space:]]*applet" id:1008
SecFilterSelective HTTP_Cookie "<[[:space:]]*link" id:1009
SecFilterSelective HTTP_Cookie "<[[:space:]]*embed" id:1010
SecFilterSelective HTTP_Cookie "<[[:space:]]*form" id:1011
<LocationMatch "/h/d/pc/1/en/removecookies">
SecFilterInheritance Off
SecFilterEngine Off
</LocationMatch>
<LocationMatch "/decWebServices/*">
SecFilterInheritance Off
SecFilterEngine Off
</LocationMatch>
</IfModule>
*** FORM THAT HANGS APACHE ***
<form action="http://localhost" method="POST">
<input type="hidden" name="newSearch"
value="<!--#exec%20cmd='/bin/cat%20/etc/passwd'-->" />
<input type="hidden" name="countryRequired" value="yes" />
<input type="hidden" name="errorURL"
value="%2fh%2fd%2f6c%2f1%2fen%2fhome%3fquickResCache%3dasd" />
<input type="hidden" name="successURL"
value="%2fh%2fd%2f6c%2f1%2fen%2fhotelsearchresults" />
<input type="hidden" name="clarifyDestinationURL"
value="%2fh%2fd%2f6c%2f1%2fen%2fhotelsearchclarify" />
<input type="hidden" name="availabilitySearchSuccessURL"
value="%2fh%2fd%2f6c%2f1%2fen%2favailsearch%3ferrorURL%3d%2fh%2fd%2f6c%2f1%2fen%2fhome%253FquickResCache%253Dasd" />
<input type="hidden" name="resetAdditionalRequirements" value="true" />
<input type="hidden" name="currentBrandId" value="6C" />
<input type="hidden" name="searchGroupCodes" value="IN" />
<input type="hidden" name="searchGroupCodes" value="CW" />
<input type="hidden" name="searchGroupCodes" value="EX" />
<input type="hidden" name="searchGroupCodes" value="HI" />
<input type="hidden" name="searchGroupCodes" value="RS" />
<input type="hidden" name="searchGroupCodes" value="SL" />
<input type="hidden" name="searchGroupCodes" value="SS" />
<input type="hidden" name="searchGroupCodes" value="FS" />
<input type="hidden" name="searchGroupCodes" value="SB" />
<input type="hidden" name="searchGroupCodes" value="CP" />
<input type="hidden" name="searchGroupCodes" value="IC" />
<input type="hidden" name="rateGroupCode" value="bh" />
<input type="hidden" name="brandGroupCode" value="6c" />
<input type="hidden" name="mapItSearch"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="city" value="Atlanta" />
<input type="hidden" name="stateId" value="" />
<input type="hidden" name="countryId" value="" />
<input type="hidden" name="checkInDate"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="checkInMonthYear"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="checkOutDate"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="checkOutMonthYear"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="numberOfAdults" value="1" />
<input type="hidden" name="numberOfChildren" value="0" />
<input type="hidden" name="numberOfRooms" value="1" />
<input type="hidden" name="rateTypeCodes"
value="777-777-1911form%40value777.com" />
<input type="hidden" name="smartQuickSearch"
value="777-777-1911form%40value777.com" />
<input type="submit" />
</form>
Thanks!
Allen
---------------------------------------------------
Allen Servedio
Internet Developer (E-Commerce)
Matrix Resources Consultant
---------------------------------------------------