[mod-security-users] info disclosure on deny

[kiran k <kir...@ya...>]

   
  Thanks, I should have paid more attention on error string duh..
   
  I was able to monitor server script, for deny I get forbidden page with (   Apache/2.0.55 (Unix) Server at 192.168.1.10 Port 80), I would like to avoid this, is there any thing else other than deny:redirect so that it just shows it blocked no more info about apache version.        Thanks,
   
   
   
   
  

Alon Agmon <aa...@we...> wrote:         v\:* {behavior:url(#default#VML);}  o\:* {behavior:url(#default#VML);}  w\:* {behavior:url(#default#VML);}  .shape {behavior:url(#default#VML);}                Hi , 
  Mod_proxy should be used as:
   
      ProxyPass / http://192.168.1.30/
      ProxyPassReverse / http://192.168.1.30/ 
   
  Note the last slash.
   
   
   
      
---------------------------------
  
  From: mod...@li... [mailto:mod...@li...] On Behalf Of kiran k
Sent: Monday, January 30, 2006 7:02 AM
To: mod...@li...
Subject: [mod-security-users] as reverse proxy

   
       

    Hi:

     

    I set it up exactly as described in the article. Basic test went fine, ie when I access http:192.168.1.10 (which is proxy), it went to 192.168.1.30. 

     

    When I try access server scripts (ie http://192.168.1.10/cgi-bin/modsec-test.pl) I get proxy error, like below. What is missing ? Why DNS lookup for ipaddr ?

     

     

     

    The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /cgi-bin/modsec-test.pl. 

      Reason: DNS lookup failure for: 192.168.1.30cgi-bin


     

    Configuration:

     

    <VirtualHost 192.168.1.10>

        

        ServerName localhost

        ProxyRequests Off

        ProxyPass / http://192.168.1.30

        ProxyPassReverse / http://192.168.1.30

     

        

        SecFilterEngine DynamicOnly

        SecFilterCheckURLEncoding On

    </VirtualHost>

     

     

     

     

     

     

     


  __________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
    
---------------------------------
  
  Do you Yahoo!?
With a free 1 GB, there's more in store with Yahoo! Mail.





			
---------------------------------
 Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars.