Re: [mod-security-users] problems
Brought to you by:
victorhora,
zimmerletw
From: love w. <lov...@gm...> - 2007-07-18 14:58:13
|
Hi Thanx to everybody for the help.It was my very silly mistake that i forgot to install the mod_unique_id module installed. I m sorry for that.Anyway your replies have been helpful to me . On 7/18/07, Avi Aminov <av...@br...> wrote: > > Hi, > > > > Switching off the engine entirely is actually telling modsecurity to skip > all the rules, meaning no blocking nor interceptions will occur. > > What Ryan suggested was: > > SecRuleEngine *DetectionOnly* > > SecAuditEngine *On* > > > > The rest of the configuration can stay the same. > > With this configuration, modsecurity will not block your traffic, but will > log everything, even if the transaction was ok. > > In case of the rule you used, it will be logged only if the request line > is badly written. Try this to test logging. > > SecAction "pass,msg:'Logging is fine!',log" > > > > > > HTH, > > Avi > > > ------------------------------ > > *From:* mod...@li... [mailto: > mod...@li...] *On Behalf Of *love > wadhwa > *Sent:* Wednesday, July 18, 2007 4:03 PM > *To:* mod...@li... > *Subject:* [mod-security-users] problems > > > > > > ---------- Forwarded message ---------- > From: *love wadhwa* <lov...@gm...> > Date: Jul 18, 2007 5:40 PM > Subject: Re: [mod-security-users] problems > To: Bunyamin DEMIR <bun...@gm...> > > Hi > As per your saying i finally switched off rule engine since i m in testing > phase and entered this in configuration file: > <IfModule mod_security2.c> > SecAuditEngine On > SecAuditLog logs/audit.log > SecAuditLogType serial > SecAuditLogParts ABIFHZ > </IfModule> > > After this i restart my apache and i automatically get my audi file made > in logs directory.But i am not getting anything logged in it. The > permissions are same as that of access.log file.So since it is getting > logged so definitely no problems shud be there in audit file regarding file > permissions. > Now i cud not get the idea why its not logging?Definitely some of it is > working since audit file has been made but it could not log.Plz help > regardin the same. > > > > On 7/18/07, *Bunyamin DEMIR* < bun...@gm...> wrote: > > Hi, > > Maybe for file permission > > chown <apache user> logs/audit.log > > > and > > <IfModule mod_security2.c> > SecRuleEngine On > SecAuditEngine RelevantOnly > > SecAuditLog logs/audit.log > > SecAuditLogType serial > > SecAuditLogParts ABIFHZ > SecAuditLogRelevantStatus ^[45] > SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS > "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)" > > </IfModule> > > it will work when you get an error or a warning. > > i hope :) > > Best regards, > -- > Bunyamin Demir > OWASP-Turkey Chair > http://www.webguvenligi.org > > > 2007/7/18, love wadhwa < lov...@gm...>: > > hi all > i have installed modsecurity-2.1.1 on apache - 2.0.55 and have the > following in the configuration file: > > LoadFile /usr/lib/libxml2.so > LoadModule security2_module modules/mod_security2.so > > <IfModule mod_security2.c> > SecRuleEngine On > SecAuditEngine RelevantOnly > SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS > "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)" > SecAuditLog logs/audit.log > SecAuditLogType serial > SecAuditLogParts ABIFHZ > > </IfModule> > > Now i have my audit file created in the logs directory but as per the > rule it is not logging the relevant logs into the audit file and i have this > empty file as such.Kindly help me where i m wrong. > > Warm Regards > Love Wadhwa > RedHat Certified Engg > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > -- > Bunyamin Demir > OWASP-Turkey Chair > http://www.webguvenligi.org > > > > > > -- > > > Warm Regards > Love Wadhwa > RedHat Certified Engg > > > > -- > Warm Regards > Love Wadhwa > RedHat Certified Engg > -- Warm Regards Love Wadhwa RedHat Certified Engg |