Re: [mod-security-users] SecFilterSelective OUTPUT problem
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecFilterSelective OUTPUT problem
|
From: Ryan B. <rcb...@gm...> - 2006-03-30 16:48:54
|
Are you using virtual hosts? If you have defined virtual hosts, then you need to specify both the proxy rules and errordocument directives within th= e same virtual host conatainer. I have implemented a similar mod_security mechanism to catch failed authentications for internal Oracle web apps. I have mod_security inspect the OUTPUT html returned by the proxied app server and look for the Oracle Error message. If it sees this, it will trigger a 401 status code and then use the CGI script that I specified in the ErorrDocument. <LocationMatch "/application1/login.do"> SecFilterSelective OUTPUT "ORA-01017\: invalid username\/password\; logo= n denied" status:401 </LocationMatch> This works fine for me, however I had to specify all of this within the SSL/443 virtual host container. -- Ryan C. Barnett Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor: Securing Apache GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache On 3/30/06, Eric <e3...@gm...> wrote: > > Hi, > > I am currently using apache as a proxy for serving content from a backend > application server. I am using modsecurity to send requests for > non-existent > pages to a custom 404 page. The command that I am using is > SecFilterSelective > OUTPUT "..." "log,status:404" with the 404 as a custom page I define with > ErrorDocument 404 /404/error/page. And it seems to be catching the rule > fine. > > The problem that I am having is what Error Page is returned. When the > content > is comming from apache the Custom error page is returned, but when the > content > is coming from the app server the default 404 message is displayed. In > both > cases the SecFilter rule is catching the "..." correctly, but its just no= t > displaying the custom 404 page. > > Any ideas why the custom page is not being displayed? > > Thanks. > > -Eric > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language > that extends applications into web and mobile media. Attend the live > webcast > and join the prime developer group breaking into this new coding > territory! > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720&dat= =3D121642 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > |
