Re: [mod-security-users] [path=(null)]
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] [path=(null)]
|
From: Ivan R. <iva...@gm...> - 2006-04-13 19:23:22
|
On 4/13/06, joe barbish <joe...@ya...> wrote: > > In the debug log I see this. > sec_check_access [path=3D(null)] > > Is this some default internal rule that gets executed? > I there some form of this rule I can code my self to set the real path? You should ignore that line. It just means transaction processing has entered a certain phase. > I have been using the apache httpd-access.log to see the raw request data= . > Is there some other method you would recommend? It depends on what you want/need. The ModSecurity audit log contains much more information. > Is there some place I can find the maping of words like REQUEST_URI to th= eir > location in the httpd_access.log logged records? In the Apache documentation: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html > I am interested in using SecChrootDir /chroot/apache > But the manual is not clear on setting it up. So we've heard several times already :) > Is this how I should code the rule? > > SecChrootDir /usr/local/www/data You could. But in that case you'll have to change the directory root from "/usr/local/www/data" to "/" (because that's how Apache will see it in jail). BTW, you can only use the internal chroot feature if you don't intend to run CGIs, send email from your scripts, etc. You won't be able to restart Apache either (you'll have to "stop-start" it). You'll find all this explained in the free chapter of my book: http://www.apachesecurity.net/download/apachesecurity-ch02.pdf > And change the path of httpd-error.log & httpd-access.log from /var/log t= o > /usr/local/www/data/ in the httpd.conf? Logs can stay as they are. > Since the logs will be in the jail how do I access the logs from outside = the jail > with out turning off mod_security? The logs do not need to go in the jail. But even if they do you can access the inside of the jail from the outside no problem. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
