Re: [mod-security-users] mod-security-users Digest, Vol 6, Issue 22
Brought to you by:
victorhora,
zimmerletw
From: Dan R. <sp...@el...> - 2006-11-22 08:59:34
|
Hi mate it seems the source install is also broken on our production server which had a source apache install rather than package install. A more informative method would be nice as everything seems broken, maybe a configure script or how 1.9 installs so modules. the ports install didnt install the module properly in the configuration and it seems the source doesnt copy the module over properly, here is my error /home/danielr/sources/modsecurity-apache_2.0.4/apache2$ make install /usr/local/bin/bash /www/apache/build/libtool --silent --mode=install cp mod_security2.la /www/apache/modules/ Warning! dlname not found in /www/apache/modules/mod_security2.la. Assuming installing a .so rather than a libtool archive. the only files installed are mod_security2.a mod_security2.la Ivan Ristic wrote: > On 11/21/06, Dan Rossi <sp...@el...> wrote: >> >> > I am not sure what problem you are describing. Can you be more >> > specific please? >> >> Ok a rule for a cookie data check had a log,pass action was causing a >> 500 status from the default action deny,log,status:500 etc, i was also >> getting a default status of 403 when i set the default action to >> "auditlog,pass" so i can see what urls should be getting through but are >> tripping the audit log, so still allow the traffic until i tweak >> everything. > > To me sounds like the situation I explained in one of my previous > emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of > checks that are enabled with configuration, not with rules. If any of > those checks are triggered access will be forbidden. The default > action list only affects rules. If you don't like this you need to > relax the checks in configuration. > >> > You can implement that via en external script using the exec action. >> > In general it's not a very good idea unless you implement throttling >> > too, ie have a mechanism that will prevent uncontrolled sending of >> > thousands of emails. >> > >> >> I could look at some kind of "buffered smtp appender", what i was asking >> specicially how are we able to send the message as an argument to a perl >> script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only >> really need this for the start , as it seems im getting alot of >> errornous audits which should be letting traffic through so i need to be >> aware of it so take action and tweak things. > > All the information should be in the environment variables. Just print > all of them and you'll see what I mean. > |