Re: [mod-security-users] mod-security-users Digest, Vol 6, Issue 22
Brought to you by:
victorhora,
zimmerletw
From: Ann H. <sea...@ha...> - 2006-11-22 04:24:04
|
The instructions are wrong, it means the source directory. It was the same problem I had. The file is in the source directory. Dan Rossi wrote: > Hi this is the specific error i get compiling with apache2 and mod sec 2 > > "Makefile", line 10: Could not find /usr/local/build/special.mk > make: fatal errors encountered -- cannot continue > > top_dir = /usr/local/apache > > thats where apache is installed with a ports install on freebsd. > > Ivan Ristic wrote: >> On 11/21/06, Dan Rossi <sp...@el...> wrote: >>>> I am not sure what problem you are describing. Can you be more >>>> specific please? >>> Ok a rule for a cookie data check had a log,pass action was causing a >>> 500 status from the default action deny,log,status:500 etc, i was also >>> getting a default status of 403 when i set the default action to >>> "auditlog,pass" so i can see what urls should be getting through but are >>> tripping the audit log, so still allow the traffic until i tweak >>> everything. >> To me sounds like the situation I explained in one of my previous >> emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of >> checks that are enabled with configuration, not with rules. If any of >> those checks are triggered access will be forbidden. The default >> action list only affects rules. If you don't like this you need to >> relax the checks in configuration. >> >>>> You can implement that via en external script using the exec action. >>>> In general it's not a very good idea unless you implement throttling >>>> too, ie have a mechanism that will prevent uncontrolled sending of >>>> thousands of emails. >>>> >>> I could look at some kind of "buffered smtp appender", what i was asking >>> specicially how are we able to send the message as an argument to a perl >>> script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only >>> really need this for the start , as it seems im getting alot of >>> errornous audits which should be letting traffic through so i need to be >>> aware of it so take action and tweak things. >> All the information should be in the environment variables. Just print >> all of them and you'll see what I mean. >> > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > |