RE: [mod-security-users] mod_security causing Apache 1.3.33 to ha ng
Brought to you by:
victorhora,
zimmerletw
From: Christopher M. <mu...@to...> - 2006-01-11 20:01:16
|
Did you run an strace on the apache process to see where it's hanging? -- Regards, -Chris _______________________________________________ Christopher Murley Network Administrator TownNews.Com 800.293.9576 Servedio, Allen (Matrix) said: > Hi, > > I compiled it with: > /apachehome/bin/apxs -cia mod_security.c > > Against and already compiled Apache (so, SSL was already compiled into > it). > > The above made a shared object in my libexec that I included with the > LoadModule (also did the AddModule entry as specified in your install > instructions). > > Yeah, I agree with you on the redirect. The reason that I just did the > root > like that is that this actually handles LOTS of domains. So, I thought > just > sending them back to the root was the safest way to ditch their parameters > but not give them an ugly error page. Is there a better way to do that? > > Thanks, > Allen > > --------------------------------------------------- > Allen Servedio > Internet Developer (E-Commerce) > Matrix Resources Consultant > --------------------------------------------------- > > > -----Original Message----- > From: Ivan Ristic [mailto:iv...@we...] > Sent: Wednesday, January 11, 2006 2:47 PM > To: Servedio, Allen (Matrix) > Cc: 'mod...@li...' > Subject: Re: [mod-security-users] mod_security causing Apache 1.3.33 to > hang > > Servedio, Allen (Matrix) wrote: >> Hi, >> >> I am new to using mod_security so there is a high probability that I >> messed something up with my configuration. But, I am able to get Apache >> to hang (consistently) while using mod_security by posting the form >> below (it is from a security scanning tool, in case the values look >> fishy :-) ). I would appreciate any insight as to what is causing this >> to hang. If I remove mod_security the same request passes through just > fine. > > I am unable to re-create the problem here (1.3.3 + mod_ssl 2.8.22, > running on Debian 3.1). > > Did you compile mod_security before or after mod_ssl installation? > mod_ssl for Apache 1.3.x actually patches the Apache source code and > changes the API? Many modules work after the patch on Linux but > I don't know about Solaris. > > >> SecFilterDefaultAction "deny,log,redirect:/" > > Strictly speaking redirects should be supplied with a full > URL. For example: redirect:http://www.example.com/ However, > I notice that even / works and redirects the user to the root > of the web site. > > There's nothing unusual in your configuration. > > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > |