RE: [mod-security-users] mod_security causing Apache 1.3.33 to ha ng
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
RE: [mod-security-users] mod_security causing Apache 1.3.33 to ha ng
|
From: Servedio, A. (Matrix) <All...@ic...> - 2006-01-11 19:54:25
|
Hi, I compiled it with: /apachehome/bin/apxs -cia mod_security.c Against and already compiled Apache (so, SSL was already compiled into it). The above made a shared object in my libexec that I included with the LoadModule (also did the AddModule entry as specified in your install instructions). Yeah, I agree with you on the redirect. The reason that I just did the root like that is that this actually handles LOTS of domains. So, I thought just sending them back to the root was the safest way to ditch their parameters but not give them an ugly error page. Is there a better way to do that? Thanks, Allen --------------------------------------------------- Allen Servedio Internet Developer (E-Commerce) Matrix Resources Consultant --------------------------------------------------- -----Original Message----- From: Ivan Ristic [mailto:iv...@we...] Sent: Wednesday, January 11, 2006 2:47 PM To: Servedio, Allen (Matrix) Cc: 'mod...@li...' Subject: Re: [mod-security-users] mod_security causing Apache 1.3.33 to hang Servedio, Allen (Matrix) wrote: > Hi, > > I am new to using mod_security so there is a high probability that I > messed something up with my configuration. But, I am able to get Apache > to hang (consistently) while using mod_security by posting the form > below (it is from a security scanning tool, in case the values look > fishy :-) ). I would appreciate any insight as to what is causing this > to hang. If I remove mod_security the same request passes through just fine. I am unable to re-create the problem here (1.3.3 + mod_ssl 2.8.22, running on Debian 3.1). Did you compile mod_security before or after mod_ssl installation? mod_ssl for Apache 1.3.x actually patches the Apache source code and changes the API? Many modules work after the patch on Linux but I don't know about Solaris. > SecFilterDefaultAction "deny,log,redirect:/" Strictly speaking redirects should be supplied with a full URL. For example: redirect:http://www.example.com/ However, I notice that even / works and redirects the user to the root of the web site. There's nothing unusual in your configuration. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 |
