Re: [mod-security-users] problems
From: Avi A. <av...@br...> - 2007-07-18 14:13:39
Hi,

Switching off the engine entirely actually tells modsecurity to skip all the rules, meaning no blocking or interception will occur. What Ryan suggested was:

    SecRuleEngine DetectionOnly
    SecAuditEngine On

The rest of the configuration can stay the same.
With this configuration, modsecurity will not block your traffic, but will log everything, even if the transaction was ok.
In case of the rule you used, it will be logged only if the request line is badly written.

Try this to test logging:

    SecAction "pass,msg:'Logging is fine!',log"

HTH,
Avi

________________________________
From: mod...@li... [mailto:mod...@li...] On Behalf Of love wadhwa
Sent: Wednesday, July 18, 2007 4:03 PM
To: mod...@li...
Subject: [mod-security-users] problems

---------- Forwarded message ----------
From: love wadhwa <lov...@gm...>
Date: Jul 18, 2007 5:40 PM
Subject: Re: [mod-security-users] problems
To: Bunyamin DEMIR <bun...@gm...>

Hi

As you said, I finally switched off the rule engine since I am in the testing phase, and entered this in the configuration file:

    <IfModule mod_security2.c>
    SecAuditEngine On
    SecAuditLog logs/audit.log
    SecAuditLogType serial
    SecAuditLogParts ABIFHZ
    </IfModule>

After this I restarted my Apache and I automatically got my audit file created in the logs directory. But I am not getting anything logged in it. The permissions are the same as those of the access.log file. Since that is getting logged, there should definitely be no problems with the audit file regarding file permissions.

Now I could not get the idea why it is not logging. Definitely some of it is working since the audit file has been created, but it could not log. Please help regarding the same.

On 7/18/07, Bunyamin DEMIR <bun...@gm...> wrote:

Hi,

Maybe for file permission

    chown <apache user> logs/audit.log

and

    <IfModule mod_security2.c>
    SecRuleEngine On
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit.log
    SecAuditLogType serial
    SecAuditLogParts ABIFHZ
    SecAuditLogRelevantStatus ^[45]
    SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)"
    </IfModule>

It will work when you get an error or a warning.

I hope :)

Best regards,

--
Bunyamin Demir
OWASP-Turkey Chair
http://www.webguvenligi.org

2007/7/18, love wadhwa <lov...@gm...>:

Hi all,

I have installed modsecurity-2.1.1 on apache - 2.0.55 and have the following in the configuration file:

    LoadFile /usr/lib/libxml2.so
    LoadModule security2_module modules/mod_security2.so

    <IfModule mod_security2.c>
    SecRuleEngine On
    SecAuditEngine RelevantOnly
    SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)"
    SecAuditLog logs/audit.log
    SecAuditLogType serial
    SecAuditLogParts ABIFHZ
    </IfModule>

Now I have my audit file created in the logs directory, but as per the rule it is not logging the relevant logs into the audit file, and I have this empty file as such. Kindly help me where I am wrong.

Warm Regards
Love Wadhwa
RedHat Certified Engg

--
Warm Regards
Love Wadhwa
RedHat Certified Engg
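
To check that the test SecAction in the reply above really produced audit entries, the serial audit log can be split on its part boundaries and searched for the rule's message. This is an added example, not part of the original thread; the sample log text, boundary ids, transaction ids and addresses are constructed, and the function names are hypothetical.

```python
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")

# Constructed sample in the serial audit log layout (SecAuditLogType serial):
# every part starts with "--<boundary>-<letter>--" and part Z closes the entry.
SAMPLE = """\
--1a2b3c4d-A--
[18/Jul/2007:14:20:01 +0000] EXAMPLEID0000000000000001 192.0.2.10 40000 192.0.2.1 80
--1a2b3c4d-B--
GET /index.html HTTP/1.1
Host: www.example.test

--1a2b3c4d-F--
HTTP/1.1 200 OK

--1a2b3c4d-H--
Message: Warning. Unconditional match in SecAction. [msg "Logging is fine!"]

--1a2b3c4d-Z--

--5e6f7a8b-A--
[18/Jul/2007:14:20:05 +0000] EXAMPLEID0000000000000002 192.0.2.11 40001 192.0.2.1 80
--5e6f7a8b-B--
GET /other HTTP/1.1
"""

def parse_audit_log(text):
    """Return one dict per transaction: boundary id, part letters seen,
    Message: lines from part H, and whether the closing Z part was written."""
    entries, current, part = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            bid, part = m.group(1), m.group(2)
            current = entries.setdefault(
                bid, {"id": bid, "parts": "", "messages": [], "complete": False})
            current["parts"] += part
            current["complete"] = current["complete"] or part == "Z"
        elif current is not None and part == "H" and line.startswith("Message: "):
            current["messages"].append(line[len("Message: "):])
    return list(entries.values())

def logging_confirmed(text, marker="Logging is fine!"):
    """True if a complete entry carries the test rule's msg in part H."""
    return any(e["complete"] and any(marker in m for m in e["messages"])
               for e in parse_audit_log(text))

if __name__ == "__main__":
    for e in parse_audit_log(SAMPLE):
        print(e["id"], e["parts"], "complete" if e["complete"] else "TRUNCATED", e["messages"])
    print("logging confirmed:", logging_confirmed(SAMPLE))
```

An empty result from `parse_audit_log` on a file that exists matches the symptom described in the thread: the log file is created at startup, but no transaction has been written to it.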