mod-security-developers Mailing List for ModSecurity (Page 25)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers — Development discussion about mod_security
You can subscribe to this list here.
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(8) |
Aug
(2) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(12) |
Mar
(42) |
Apr
(68) |
May
(30) |
Jun
(50) |
Jul
(17) |
Aug
(3) |
Sep
(5) |
Oct
(7) |
Nov
(3) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(11) |
Mar
(37) |
Apr
|
May
(21) |
Jun
(21) |
Jul
(12) |
Aug
(41) |
Sep
(19) |
Oct
(31) |
Nov
(24) |
Dec
(10) |
| 2013 |
Jan
(12) |
Feb
(18) |
Mar
(3) |
Apr
(8) |
May
(35) |
Jun
(5) |
Jul
(38) |
Aug
(5) |
Sep
(2) |
Oct
(4) |
Nov
(11) |
Dec
(6) |
| 2014 |
Jan
(3) |
Feb
(12) |
Mar
(11) |
Apr
(18) |
May
(2) |
Jun
(1) |
Jul
(11) |
Aug
(5) |
Sep
|
Oct
(15) |
Nov
(13) |
Dec
(9) |
| 2015 |
Jan
(2) |
Feb
(8) |
Mar
(7) |
Apr
(3) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(11) |
Oct
(14) |
Nov
(4) |
Dec
(1) |
| 2016 |
Jan
(11) |
Feb
(19) |
Mar
(20) |
Apr
(6) |
May
(3) |
Jun
(17) |
Jul
(5) |
Aug
|
Sep
(7) |
Oct
(2) |
Nov
(2) |
Dec
(12) |
| 2017 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
(3) |
Oct
(1) |
Nov
|
Dec
(15) |
| 2018 |
Jan
(13) |
Feb
(2) |
Mar
(14) |
Apr
(9) |
May
|
Jun
(6) |
Jul
(3) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
(13) |
Dec
(1) |
| 2019 |
Jan
(2) |
Feb
(9) |
Mar
(28) |
Apr
(4) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
(2) |
| 2020 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(3) |
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
(10) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Jan v. V. <jan...@it...> - 2012-11-19 15:28:56
|
Greg, Thank you so much for your time. But I'm about to give up...;( Created a website under the c:\inetpub\wwwroot\ -> website This website runs fine without modsecurity. I did exactly like you did(used the administrator command line installation method) and my output is exactly the same. In the web.config I set <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\website\ModSecurity.xml" /> The same error still occurs. I also tried placing the conf a level higher: <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\ModSecurity.xml" /> The same error still occurs. Still, I'm confused where to place the rules files themselves, i.e. modsecurity_35_bad_robots.data, modsecurity_crs_20_protocol_violations.conf etc... Thnx, JamBo |
|
From: Greg W. <gwr...@ho...> - 2012-11-16 21:03:38
|
The event log error clearly indicates an issue with the installation. I just did a fresh test with latest bits on WS2008 R2 and everything worked for me. I used the administrator command line installation method and here is my output: Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Users\gwroblew>cd \temp\modsecurityC:\Temp\modsecurity>copyfiles.batC:\Temp\modsecurity>IF /I AMD64 == x86 GOTO x86C:\Temp\modsecurity>copy x86\*.dll C:\Windows\syswow64\inetsrv
x86\libapr-1.dll
x86\libapriconv-1.dll
x86\libaprutil-1.dll
x86\libcurl.dll
x86\libxml2.dll
x86\lua5.1.dll
x86\ModSecurityIIS.dll
x86\pcre.dll
x86\zlib1.dll
9 file(s) copied.C:\Temp\modsecurity>copy amd64\*.dll C:\Windows\system32\inetsrv
amd64\libapr-1.dll
amd64\libapriconv-1.dll
amd64\libaprutil-1.dll
amd64\libcurl.dll
amd64\libxml2.dll
amd64\lua5.1.dll
amd64\ModSecurityIIS.dll
amd64\pcre.dll
amd64\zlib1.dll
9 file(s) copied.C:\Temp\modsecurity>copy x86\*.pdb C:\Windows\syswow64\inetsrv
x86\libapr-1.pdb
x86\libapriconv-1.pdb
x86\libaprutil-1.pdb
x86\libcurl.pdb
x86\lua5.1.pdb
x86\ModSecurityIIS.pdb
x86\pcre.pdb
x86\zlib1.pdb
8 file(s) copied.C:\Temp\modsecurity>copy amd64\*.pdb C:\Windows\system32\inetsrv
amd64\libapr-1.pdb
amd64\libapriconv-1.pdb
amd64\libaprutil-1.pdb
amd64\libcurl.pdb
amd64\lua5.1.pdb
amd64\ModSecurityIIS.pdb
amd64\pcre.pdb
amd64\zlib1.pdb
8 file(s) copied.C:\Temp\modsecurity>GOTO endC:\Temp\modsecurity>register.batC:\Temp\modsecurity>pushd \C:\>cd C:\Windows\system32\inetsrvC:\Windows\System32\inetsrv>appcmd.exe install module /name:ModSecurityIIS /imag
e:C:\Windows\system32\inetsrv\modsecurityiis.dll
GLOBAL MODULE object "ModSecurityIIS" added
MODULE object "ModSecurityIIS" addedC:\Windows\System32\inetsrv>popdC:\Temp\modsecurity>addschema.batC:\Temp\modsecurity>iisschema.exe /install ModSecurity.xml
Installing schema file: C:\Temp\modsecurity\ModSecurity.xml
Installed schema file: C:\Windows\system32\inetsrv\config\schema\ModSecurity.xmlRegistered section: system.webServer/ModSecurity
Finished
After that I modified a web.config file, added ModSecurity config file to wwwroot and it worked as expected.
Greg > ------------------------------
>
> Message: 6
> Date: Thu, 15 Nov 2012 16:04:56 +0100
> From: Jan van Valen <jan...@it...>
> Subject: Re: [Mod-security-developers] WS2008 R2 SP1 (64bit) IIS 7.5
> To: "mod...@li..."
> <mod...@li...>
> Message-ID:
> <F0F...@ti...>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Greg,
>
> Did the same tests with the new 2.7.1 but no progress.
>
> In the event log I only have:
>
> The Module DLL 'C:\Windows\system32\inetsrv\modsecurityiis.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture. The data field contains the error number.
>
> I have modsecurity enabled in the web.config (without, the error is also present - when I add <remove name="ModSecurityIIS" /> no error)
> The webconfig is set to: <ModSecurity enabled="true" configFile="c:\websites\wesbitename\modsecurity.conf" />
>
> The conf file is at the same level as the web.config.
> As the error points to a 'configuration problem' I fear my conf is wrong. I worked through the wiki and google but cannot find any pointers to how this conf should be configured for windows and where the actual activated_rules should be.
>
> modsecurity.conf (comments removed):
> **********************************************
> SecComponentSignature "OWASP_CRS/2.2.6"
> SecDefaultAction "phase:1,deny,nolog,auditlog"
> SecAction \
> "id:'900001', \
> phase:1, \
> t:none, \
> setvar:tx.critical_anomaly_score=5, \
> setvar:tx.error_anomaly_score=4, \
> setvar:tx.warning_anomaly_score=3, \
> setvar:tx.notice_anomaly_score=2, \
> nolog, \
> pass"
> SecAction \
> "id:'900002', \
> phase:1, \
> t:none, \
> setvar:tx.inbound_anomaly_score_level=5, \
> nolog, \
> pass"
> SecAction \
> "id:'900003', \
> phase:1, \
> t:none, \
> setvar:tx.outbound_anomaly_score_level=4, \
> nolog, \
> pass"
> #SecAction \
> "id:'900004', \
> phase:1, \
> t:none, \
> setvar:tx.anomaly_score_blocking=on, \
> nolog, \
> pass"
> #SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat
> #SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
> "id:'900005', \
> phase:1, \
> t:none, \
> ctl:ruleEngine=DetectionOnly, \
> setvar:tx.regression_testing=1, \
> nolog, \
> pass"
> SecAction \
> "id:'900006', \
> phase:1, \
> t:none, \
> setvar:tx.max_num_args=255, \
> nolog, \
> pass"
> #SecAction \
> "id:'900007', \
> phase:1, \
> t:none, \
> setvar:tx.arg_name_length=100, \
> nolog, \
> pass"
> #SecAction \
> "id:'900008', \
> phase:1, \
> t:none, \
> setvar:tx.arg_length=400, \
> nolog, \
> pass"
> #SecAction \
> "id:'900009', \
> phase:1, \
> t:none, \
> setvar:tx.total_arg_length=64000, \
> nolog, \
> pass"
> #SecAction \
> "id:'900010', \
> phase:1, \
> t:none, \
> setvar:tx.max_file_size=1048576, \
> nolog, \
> pass"
> #SecAction \
> "id:'900011', \
> phase:1, \
> t:none, \
> setvar:tx.combined_file_sizes=1048576, \
> nolog, \
> pass"
> SecAction \
> "id:'900012', \
> phase:1, \
> t:none, \
> setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
> setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json', \
> setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
> setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \
> setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \
> nolog, \
> pass"
> #SecAction \
> "id:'900013', \
> phase:1, \
> t:none, \
> setvar:tx.csp_report_only=1, \
> setvar:tx.csp_report_uri=/csp_violation_report, \
> setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \
> nolog, \
> pass"
> #SecAction \
> "id:'900014', \
> phase:1, \
> t:none, \
> setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \
> setvar:'tx.brute_force_burst_time_slice=60', \
> setvar:'tx.brute_force_counter_threshold=10', \
> setvar:'tx.brute_force_block_timeout=300', \
> nolog, \
> pass"
> #SecAction \
> "id:'900015', \
> phase:1, \
> t:none, \
> setvar:'tx.dos_burst_time_slice=60', \
> setvar:'tx.dos_counter_threshold=100', \
> setvar:'tx.dos_block_timeout=600', \
> nolog, \
> pass"
> SecAction \
> "id:'900016', \
> phase:1, \
> t:none, \
> setvar:tx.crs_validate_utf8_encoding=1, \
> nolog, \
> pass"
> SecRule REQUEST_HEADERS:Content-Type "text/xml" \
> "id:'900017', \
> phase:1, \
> t:none,t:lowercase, \
> nolog, \
> pass, \
> chain"
> SecRule REQBODY_PROCESSOR "!@streq XML" \
> "ctl:requestBodyProcessor=XML"
> SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
> "id:'900018', \
> phase:1, \
> t:none,t:sha1,t:hexEncode, \
> setvar:tx.ua_hash=%{matched_var}, \
> nolog, \
> pass"
> SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
> "id:'900019', \
> phase:1, \
> t:none, \
> capture, \
> setvar:tx.real_ip=%{tx.1}, \
> nolog, \
> pass"
> SecRule &TX:REAL_IP "!@eq 0" \
> "id:'900020', \
> phase:1, \
> t:none, \
> initcol:global=global, \
> initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
> nolog, \
> pass"
> SecRule &TX:REAL_IP "@eq 0" \
> "id:'900021', \
> phase:1, \
> t:none, \
> initcol:global=global, \
> initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
> nolog, \
> pass"
> **************************************************
> Reagards,
> JamBo
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
>
> ------------------------------
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>
>
> End of mod-security-developers Digest, Vol 25, Issue 2
> ******************************************************
|
|
From: Jan v. V. <jan...@it...> - 2012-11-15 15:05:11
|
Greg,
Did the same tests with the new 2.7.1 but no progress.
In the event log I only have:
The Module DLL 'C:\Windows\system32\inetsrv\modsecurityiis.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture. The data field contains the error number.
I have modsecurity enabled in the web.config (without, the error is also present - when I add <remove name="ModSecurityIIS" /> no error)
The webconfig is set to: <ModSecurity enabled="true" configFile="c:\websites\wesbitename\modsecurity.conf" />
The conf file is at the same level as the web.config.
As the error points to a 'configuration problem' I fear my conf is wrong. I worked through the wiki and google but cannot find any pointers to how this conf should be configured for windows and where the actual activated_rules should be.
modsecurity.conf (comments removed):
**********************************************
SecComponentSignature "OWASP_CRS/2.2.6"
SecDefaultAction "phase:1,deny,nolog,auditlog"
SecAction \
"id:'900001', \
phase:1, \
t:none, \
setvar:tx.critical_anomaly_score=5, \
setvar:tx.error_anomaly_score=4, \
setvar:tx.warning_anomaly_score=3, \
setvar:tx.notice_anomaly_score=2, \
nolog, \
pass"
SecAction \
"id:'900002', \
phase:1, \
t:none, \
setvar:tx.inbound_anomaly_score_level=5, \
nolog, \
pass"
SecAction \
"id:'900003', \
phase:1, \
t:none, \
setvar:tx.outbound_anomaly_score_level=4, \
nolog, \
pass"
#SecAction \
"id:'900004', \
phase:1, \
t:none, \
setvar:tx.anomaly_score_blocking=on, \
nolog, \
pass"
#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat
#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
"id:'900005', \
phase:1, \
t:none, \
ctl:ruleEngine=DetectionOnly, \
setvar:tx.regression_testing=1, \
nolog, \
pass"
SecAction \
"id:'900006', \
phase:1, \
t:none, \
setvar:tx.max_num_args=255, \
nolog, \
pass"
#SecAction \
"id:'900007', \
phase:1, \
t:none, \
setvar:tx.arg_name_length=100, \
nolog, \
pass"
#SecAction \
"id:'900008', \
phase:1, \
t:none, \
setvar:tx.arg_length=400, \
nolog, \
pass"
#SecAction \
"id:'900009', \
phase:1, \
t:none, \
setvar:tx.total_arg_length=64000, \
nolog, \
pass"
#SecAction \
"id:'900010', \
phase:1, \
t:none, \
setvar:tx.max_file_size=1048576, \
nolog, \
pass"
#SecAction \
"id:'900011', \
phase:1, \
t:none, \
setvar:tx.combined_file_sizes=1048576, \
nolog, \
pass"
SecAction \
"id:'900012', \
phase:1, \
t:none, \
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json', \
setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \
setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \
nolog, \
pass"
#SecAction \
"id:'900013', \
phase:1, \
t:none, \
setvar:tx.csp_report_only=1, \
setvar:tx.csp_report_uri=/csp_violation_report, \
setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \
nolog, \
pass"
#SecAction \
"id:'900014', \
phase:1, \
t:none, \
setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \
setvar:'tx.brute_force_burst_time_slice=60', \
setvar:'tx.brute_force_counter_threshold=10', \
setvar:'tx.brute_force_block_timeout=300', \
nolog, \
pass"
#SecAction \
"id:'900015', \
phase:1, \
t:none, \
setvar:'tx.dos_burst_time_slice=60', \
setvar:'tx.dos_counter_threshold=100', \
setvar:'tx.dos_block_timeout=600', \
nolog, \
pass"
SecAction \
"id:'900016', \
phase:1, \
t:none, \
setvar:tx.crs_validate_utf8_encoding=1, \
nolog, \
pass"
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'900017', \
phase:1, \
t:none,t:lowercase, \
nolog, \
pass, \
chain"
SecRule REQBODY_PROCESSOR "!@streq XML" \
"ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
"id:'900018', \
phase:1, \
t:none,t:sha1,t:hexEncode, \
setvar:tx.ua_hash=%{matched_var}, \
nolog, \
pass"
SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
"id:'900019', \
phase:1, \
t:none, \
capture, \
setvar:tx.real_ip=%{tx.1}, \
nolog, \
pass"
SecRule &TX:REAL_IP "!@eq 0" \
"id:'900020', \
phase:1, \
t:none, \
initcol:global=global, \
initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
nolog, \
pass"
SecRule &TX:REAL_IP "@eq 0" \
"id:'900021', \
phase:1, \
t:none, \
initcol:global=global, \
initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
nolog, \
pass"
**************************************************
Reagards,
JamBo
|
|
From: Breno S. <bre...@gm...> - 2012-11-14 19:02:32
|
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.7.1 Stable Release.The stability of this release is good and includes many bug fixes. We recommend people upgrade to 2.7 series since it has a log of bug fixes and one security issue related to multipart payloads. In this version we renamed the directives and options related to HMAC feature for better understanding of the technology. Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod...@li.... Thanks Breno Silva |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-11-12 13:36:49
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto closed MODSEC-226.
------------------------------------
Resolution: Fixed
> Pb with environment variables set by SetEnv
> -------------------------------------------
>
> Key: MODSEC-226
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-226
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.5.13
> Environment: All
> Reporter: Marc Stern
> Assignee: Breno Silva Pinto
> Fix For: 2.7.0
>
>
> Inconsistent behaviour with environment variables set by SetEnv:
> Setenv var SETENV
> SecAction "phase:3,pass,auditlog,msg:'phase 3: var=<%{ENV.var}>'"
> shows the value "SETENV", thus var is in the collection
> Adding the following directive to use it:
> SecAction "phase:2,pass,nolog,setenv:var=%{ENV.var}/MS"
> shows the value "/MS"
> same result in phase 1, but works Ok in phase 3
> The behaviour is inconsistent: either the rule runs before setEnv and var should be overwritten, or it runs after and it should use it. In no case we expect to have only "/MS".
> Note that this is probably linked to a strange behaviour of SetEnv which runs, for instance, before mod_rewrite & mod_ setenvif, but the values are not seen by these modules either.
> Although the problem may lie in mod_env, it is strange that %{ENV.var} works in logging but not in a setenv: (I did not test with setvar:).
> Note that everything works correctly when setting the variable with SetEnvIf.
> Maybe the best solution would be to push for a fix in mod_env ...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-11-07 21:53:42
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-341.
--------------------------------------
Fix Version/s: 2.7.1
Resolution: Fixed
> ModSecurityIIS: The worker process crashes while executing "Invalid Request Body/XML (960912)"
> ----------------------------------------------------------------------------------------------
>
> Key: MODSEC-341
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-341
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.7.0
> Environment: Server:IIS8 on Windows Server 2012
> Test Client: WCAT on Windows Server 2008 R2
> Reporter: akurmi
> Assignee: Breno Silva Pinto
> Labels: IIS, ModSecurityIIS,
> Fix For: 2.7.1
>
> Attachments: conf1.zip
>
>
> Following wcat scenario crashes the worker process:
> transaction
> {
> id = "Invalid Request Body/XML (960912)";
> weight = 100;
> request
> {
> setheader
> {
> name = "Content-Length";
> value = "724";
> }
> setheader
> {
> name = "Content-Type";
> value = "text/xml";
> }
> url = "/default.aspx";
> statuscode= 403;
> port = 8080;
> verb = POST;
> postdata = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\r\n <SOAP-ENV:Body>\r\n <xkms:StatusRequest xmlns:xkms=\"http://www.w3.org/2002/03/xkms#\" Id=\"_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659\" ResponseId=\"_c1c36b3f-f962-4aea-bfbd-07ed58468c9b\" Service=\"http://www.soapclient.com/xml/xkms2\">\r\n <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>\r\n <xkms:RespondWith>http://www.w3.org/2002/03/xkms#X509Cert</xkms:RespondWith>\r\n </xkms:StatusRequest>\r\n </SOAP-ENV:Body><error></err>\r\n</SOAP-ENV:Envelope>\r\n\r\n\r\n";
> }
> close
> {
> method = ka;
> }
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-11-07 21:53:42
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-342.
--------------------------------------
Resolution: Fixed
> ModSecurityIIS: The worker process crashes while processing XSS requests under load
> -----------------------------------------------------------------------------------
>
> Key: MODSEC-342
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-342
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.7.0
> Environment: Server: IIS 7 on Windows Server 2008 R2
> Test Client: WCAT on Windows Server 2008 R2
> Reporter: akurmi
> Assignee: Breno Silva Pinto
> Labels: IIS, ModSecurityIIS
> Attachments: modsecurityruleset.zip, scenario.ubr, settings.ubr
>
>
> The worker process crashes while processing this wcat transaction under load:
> transaction
> {
> id = "XSS";
> weight = 100;
> request
> {
> url = "/iisstart.htm?param=<script>alert('hello')</script>";
> statuscode= 403;
> }
> close
> {
> method = reset;
> }
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-11-07 21:51:39
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-340.
--------------------------------------
Fix Version/s: 2.7.1
Resolution: Fixed
> ModSecurityIIS: The worker process crashes when configFile has a folder that does not exist
> -------------------------------------------------------------------------------------------
>
> Key: MODSEC-340
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-340
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.7.0
> Environment: IIS 7 on Windows Server 2008 R2
> Reporter: akurmi
> Assignee: Breno Silva Pinto
> Labels: IIS, ModSecurityIIS
> Fix For: 2.7.1
>
>
> The following entry in web.config would crash the worker process:
> <ModSecurity enabled="true" configFile="C:\inetpub\wwwroot\ImaginaryFolder\allrules.conf" />
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-11-07 13:47:39
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-347.
--------------------------------------
Resolution: Fixed
Looks fixed. If necessary we can reopen
> building modsecuriy 2.7.0 on linux to link with external PCRE fails to link to correct lib @ runtime
> ----------------------------------------------------------------------------------------------------
>
> Key: MODSEC-347
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-347
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Build System
> Affects Versions: 2.7.0
> Environment: uname -a
> Linux devdesk 3.4.11-2.16-desktop #1 SMP PREEMPT Wed Sep 26 17:05:00 UTC 2012 (259fc87) x86_64 x86_64 x86_64 GNU/Linux
> lsb_release -a
> LSB Version: core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
> Distributor ID: SUSE LINUX
> Description: openSUSE 12.2 (x86_64)
> Release: 12.2
> Codename: Mantis
> gcc -v
> Using built-in specs.
> COLLECT_GCC=/usr/bin/gcc-4.7
> COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/4.7/lto-wrapper
> Target: x86_64-suse-linux
> Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.7 --enable-ssp --disable-libssp --disable-libitm --disable-plugin --with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux' --disable-libgcj --disable-libmudflap --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit --enable-libstdcxx-allocator=new --disable-libstdcxx-pch --enable-version-specific-runtime-libs --enable-linker-build-id --program-suffix=-4.7 --enable-linux-futex --without-system-libunwind --with-arch-32=i586 --with-tune=generic --build=x86_64-suse-linux
> Thread model: posix
> gcc version 4.7.2 20120920 [gcc-4_7-branch revision 191568] (SUSE Linux)
> libtool --version
> libtool (GNU libtool) 2.4.2
> Written by Gordon Matzigkeit <go...@gn...>, 1996
> Copyright (C) 2011 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> Reporter: o2491857
> Assignee: Breno Silva Pinto
> Fix For: 2.7.1
>
> Attachments: find_pcre.m4, Makefile.am
>
>
> install PCRE ...
> svn co svn://vcs.exim.org/pcre/code/trunk pcre
> cd pcre
> echo -e $CFLAGS "\n" $CXXFLAGS
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> sh autogen.sh
> ./configure --disable-static --enable-jit --with-link-size=2 --with-match-limit=10000000 --enable-utf --enable-unicode-properties --enable-newline-is-lf
> make
> make install
> /usr/local/bin/pcre-config --version
> 8.32-RC1
> pkg-config libpcre --libs --cflags
> -I/usr/local/include -L/usr/local/lib64 -lpcre
> ls -al /usr/local/lib64/libpcre*
> -rwxr-xr-x 1 root root 965 Oct 18 11:44 /usr/local/lib64/libpcrecpp.la*
> lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0*
> lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0*
> -rwxr-xr-x 1 root root 46K Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0.0.0*
> -rwxr-xr-x 1 root root 919 Oct 18 11:44 /usr/local/lib64/libpcre.la*
> -rwxr-xr-x 1 root root 977 Oct 18 11:44 /usr/local/lib64/libpcreposix.la*
> lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so -> libpcreposix.so.0.0.1*
> lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.1*
> -rwxr-xr-x 1 root root 13K Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0.0.1*
> lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1*
> lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1*
> -rwxr-xr-x 1 root root 577K Oct 18 11:44 /usr/local/lib64/libpcre.so.1.0.1*
> install modsecurity ...
> ldd `which httpd` | grep pcre
> libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f6ad63a5000)
> tar zxvf modsecurity-apache_2.7.0.tar.gz
> cd modsecurity-apache_2.7.0
> unset LD_PRELOAD LD_LIBRARY_PATH
> echo -e $CFLAGS "\n" $CXXFLAGS "\n" $LDFLAGS
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto
> ./configure \
> --enable-shared --disable-static \
> --enable-apache2-module \
> --with-apxs=/usr/local/apache24x/bin/apxs \
> --with-apr=/usr/local/apache24x/bin/apr-2-config \
> --with-apu=/usr/local/apache24x/bin/apr-2-config \
> --with-pcre=/usr/local \
> --enable-pcre-jit \
> --enable-pcre-study \
> --disable-pcre-match-limit \
> --disable-pcre-match-limit-recursion \
> --disable-docs \
> --enable-strict-compile=yes \
> --enable-errors \
> --enable-verbose-output \
> --with-lua=/usr/local
> make
> make install
> ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
> libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fc9f2736000)
> that's INCORRECT based on the config options.
> It can be changed @ runtime,
> LD_LIBRARY_PATH="/usr/local/lib64" ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
> libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f9a4c2d5000)
> but the path needs to be correctly set/embedded at compile time, not requiring -- or overridable by -- a user-defined ENV var.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Jake M. <ja...@of...> - 2012-10-31 17:14:32
|
Here's the output from the uwsgi logs. At first it looks like a problem with uwsgi, but it only happens with modsecurity in place. I looked at the request coming in, and the headers aren't getting passed through for some reason. I'm using the recommended .conf file from the source package, which has SecRuleEngine set to DetectionOnly. 4 uwsgi: Traceback (most recent call last): 4 uwsgi: File "/local/lib/python2.7/site-packages/raven/utils/serializer/manager.py", line 69, in transform 4 uwsgi: return self.transform(repr(value)) 4 uwsgi: File "/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 167, in __repr__ 4 uwsgi: if self._post_parse_error: 4 uwsgi: AttributeError: 'WSGIRequest' object has no attribute '_post_parse_error' 4 uwsgi: Traceback (most recent call last): 4 uwsgi: File "/local/lib/python2.7/site-packages/raven/middleware.py", line 27, in __call__ 4 uwsgi: iterable = self.application(environ, start_response) 4 uwsgi: File "/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 262, in __call__ 4 uwsgi: request = self.request_class(environ) 4 uwsgi: File "/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 136, in __init__ 4 uwsgi: self.method = environ['REQUEST_METHOD'].upper() 4 uwsgi: KeyError: 'REQUEST_METHOD' On Wed, Oct 31, 2012 at 8:47 AM, Alan Silva <ala...@ac...> wrote: > Nice question!!! > > You have log of this? Please sent us!!! > > Thanks, > > Regards, > > Alan > > > We're looking into ModSecurity and the subscription rules service for > our servers, but I'm running into a bit of a problem. We're using nginx as > a frontend for a Django application via uwsgi. With ModSecurity enabled, > every request generates the following error: 'WSGIRequest' object has no > attribute '_post_parse_error'. I've been unable to find any documentation, > or mention of uwsgi in the mailing list archives. I feel like I have to be > missing something obvious at this point. Has anyone had any luck getting > modsecurity to play nice with uwsgi? > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Alan S. <ala...@ac...> - 2012-10-31 15:47:10
|
Nice question!!! You have log of this? Please sent us!!! Thanks, Regards, Alan > We're looking into ModSecurity and the subscription rules service for our servers, but I'm running into a bit of a problem. We're using nginx as a frontend for a Django application via uwsgi. With ModSecurity enabled, every request generates the following error: 'WSGIRequest' object has no attribute '_post_parse_error'. I've been unable to find any documentation, or mention of uwsgi in the mailing list archives. I feel like I have to be missing something obvious at this point. Has anyone had any luck getting modsecurity to play nice with uwsgi? > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > > _______________________________________________ > mod-security-developers mailing list > mod...@li... (mailto:mod...@li...) > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > |
|
From: Greg W. <gwr...@ho...> - 2012-10-31 07:36:40
|
Could you send us the details of the crash events? Or even better a crash dump if possible. Did you enable ModSecurity in your web.config file? If not, then there should be no crash for sure. We had an issue with a crash when the ModSecurity configuration file with rules was missing (in most cases you would put it in the same folder where web.config is), but it was fixed. Greg > Date: Thu, 25 Oct 2012 15:57:09 +0200 > From: Jan van Valen jan...@it... > Subject: [Mod-security-developers] WS2008 R2 SP1 (64bit) IIS 7.5 > ModSecurityiis.dll crash (2.7.0) > To: "mod...@li..." > <mod...@li...> > Message-ID: > <F0F...@ti...> > > Content-Type: text/plain; charset="us-ascii" > > Hi, > > Trying to get ModSecurity 2.7.0 to work on a windows server 2008 R2 SP1 with IIS7.5 to no avail. > This is what I tried so far: > > - Installer 2.7.0.msi > > - Downloaded the debug version followed the reference manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Microsoft_IIS > > - Copied and registered everything in either System32 (32bit) and SysWOW64 (64bit) > > - Did a DepencyWalker which only mentioned IEFRAME.DLL for which I read online that's almost always the case. > > - Reinstalled vcredist_x64 > > - Set the application pool to 'Enable 32-Bit Applications' > > All result in 'HTTP Error 503. The service is unavailable' and crash events for modsecurityiis.dll in the Application Event log. > > On http://blog.spiderlabs.com/2012/07/announcing-the-availability-of-modsecurity-extension-for-iis.html in the comments it states that 'you can add the modsecurity.conf file into the wwwroot'. > I'm a little confused about what that location should be. > > In my situation I have the default website removed. Created a website in d:\websites\website. > Where should I put the conf and the rules? )If that should solve my problem. > > What else can I do to make it work? > Thnx, > JamBo |
|
From: Jake M. <ja...@of...> - 2012-10-30 22:59:56
|
We're looking into ModSecurity and the subscription rules service for our servers, but I'm running into a bit of a problem. We're using nginx as a frontend for a Django application via uwsgi. With ModSecurity enabled, every request generates the following error: 'WSGIRequest' object has no attribute '_post_parse_error'. I've been unable to find any documentation, or mention of uwsgi in the mailing list archives. I feel like I have to be missing something obvious at this point. Has anyone had any luck getting modsecurity to play nice with uwsgi? |
|
From: Breno S. P. <BP...@tr...> - 2012-10-26 13:45:13
|
Hello community! During the last week we migrated the ModSecurity project to Github. Right now the code, the documentation and packages for download are already there! Github place : https://github.com/SpiderLabs/ModSecurity For those of you that want to contribute with patches, we wrote some instructions here: http://www.modsecurity.org/developers/ Please continue opening tickets for bugs, improvements and new features into ModSecurity Jira (http://www.modsecurity.org/tracker) Thank you very much! Breno Silva ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-10-25 16:31:10
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-347.
--------------------------------------
Resolution: Not a Bug
> building modsecuriy 2.7.0 on linux to link with external PCRE fails to link to correct lib @ runtime
> ----------------------------------------------------------------------------------------------------
>
> Key: MODSEC-347
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-347
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Build System
> Affects Versions: 2.7.0
> Environment: uname -a
> Linux devdesk 3.4.11-2.16-desktop #1 SMP PREEMPT Wed Sep 26 17:05:00 UTC 2012 (259fc87) x86_64 x86_64 x86_64 GNU/Linux
> lsb_release -a
> LSB Version: core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
> Distributor ID: SUSE LINUX
> Description: openSUSE 12.2 (x86_64)
> Release: 12.2
> Codename: Mantis
> gcc -v
> Using built-in specs.
> COLLECT_GCC=/usr/bin/gcc-4.7
> COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/4.7/lto-wrapper
> Target: x86_64-suse-linux
> Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.7 --enable-ssp --disable-libssp --disable-libitm --disable-plugin --with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux' --disable-libgcj --disable-libmudflap --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit --enable-libstdcxx-allocator=new --disable-libstdcxx-pch --enable-version-specific-runtime-libs --enable-linker-build-id --program-suffix=-4.7 --enable-linux-futex --without-system-libunwind --with-arch-32=i586 --with-tune=generic --build=x86_64-suse-linux
> Thread model: posix
> gcc version 4.7.2 20120920 [gcc-4_7-branch revision 191568] (SUSE Linux)
> libtool --version
> libtool (GNU libtool) 2.4.2
> Written by Gordon Matzigkeit <go...@gn...>, 1996
> Copyright (C) 2011 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> Reporter: msd
> Assignee: Breno Silva Pinto
>
> install PCRE ...
> svn co svn://vcs.exim.org/pcre/code/trunk pcre
> cd pcre
> echo -e $CFLAGS "\n" $CXXFLAGS
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> sh autogen.sh
> ./configure --disable-static --enable-jit --with-link-size=2 --with-match-limit=10000000 --enable-utf --enable-unicode-properties --enable-newline-is-lf
> make
> make install
> /usr/local/bin/pcre-config --version
> 8.32-RC1
> pkg-config libpcre --libs --cflags
> -I/usr/local/include -L/usr/local/lib64 -lpcre
> ls -al /usr/local/lib64/libpcre*
> -rwxr-xr-x 1 root root 965 Oct 18 11:44 /usr/local/lib64/libpcrecpp.la*
> lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0*
> lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0*
> -rwxr-xr-x 1 root root 46K Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0.0.0*
> -rwxr-xr-x 1 root root 919 Oct 18 11:44 /usr/local/lib64/libpcre.la*
> -rwxr-xr-x 1 root root 977 Oct 18 11:44 /usr/local/lib64/libpcreposix.la*
> lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so -> libpcreposix.so.0.0.1*
> lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.1*
> -rwxr-xr-x 1 root root 13K Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0.0.1*
> lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1*
> lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1*
> -rwxr-xr-x 1 root root 577K Oct 18 11:44 /usr/local/lib64/libpcre.so.1.0.1*
> install modsecurity ...
> ldd `which httpd` | grep pcre
> libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f6ad63a5000)
> tar zxvf modsecurity-apache_2.7.0.tar.gz
> cd modsecurity-apache_2.7.0
> unset LD_PRELOAD LD_LIBRARY_PATH
> echo -e $CFLAGS "\n" $CXXFLAGS "\n" $LDFLAGS
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
> -L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto
> ./configure \
> --enable-shared --disable-static \
> --enable-apache2-module \
> --with-apxs=/usr/local/apache24x/bin/apxs \
> --with-apr=/usr/local/apache24x/bin/apr-2-config \
> --with-apu=/usr/local/apache24x/bin/apr-2-config \
> --with-pcre=/usr/local \
> --enable-pcre-jit \
> --enable-pcre-study \
> --disable-pcre-match-limit \
> --disable-pcre-match-limit-recursion \
> --disable-docs \
> --enable-strict-compile=yes \
> --enable-errors \
> --enable-verbose-output \
> --with-lua=/usr/local
> make
> make install
> ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
> libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fc9f2736000)
> that's INCORRECT based on the config options.
> It can be changed @ runtime,
> LD_LIBRARY_PATH="/usr/local/lib64" ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
> libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f9a4c2d5000)
> but the path needs to be correctly set/embedded at compile time, not requiring -- or overridable by -- a user-defined ENV var.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Jan v. V. <jan...@it...> - 2012-10-25 14:10:12
|
Hi, Trying to get ModSecurity 2.7.0 to work on a windows server 2008 R2 SP1 with IIS7.5 to no avail. This is what I tried so far: - Installer 2.7.0.msi - Downloaded the debug version followed the reference manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Microsoft_IIS - Copied and registered everything in either System32 (32bit) and SysWOW64 (64bit) - Did a DepencyWalker which only mentioned IEFRAME.DLL for which I read online that's almost always the case. - Reinstalled vcredist_x64 - Set the application pool to 'Enable 32-Bit Applications' All result in 'HTTP Error 503. The service is unavailable' and crash events for modsecurityiis.dll in the Application Event log. On http://blog.spiderlabs.com/2012/07/announcing-the-availability-of-modsecurity-extension-for-iis.html in the comments it states that 'you can add the modsecurity.conf file into the wwwroot'. I'm a little confused about what that location should be. In my situation I have the default website removed. Created a website in d:\websites\website. Where should I put the conf and the rules? )If that should solve my problem. What else can I do to make it work? Thnx, JamBo |
|
From: <msd...@15...> - 2012-10-19 06:17:05
|
unset LD_LIBRARY_PATH
./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--disable-verbose-output \
--with-lua=/usr/local
make
make install
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fb956ec2000)
export LD_LIBRARY_PATH="/usr/local/lib64:/usr/lib64"
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
libpcre.so.1 => /usr/local/lib64/libpcre.so.1
(0x00007ffb1a696000)
So a runtime-environment solution works ... but does not solve the
compile time issue for distribution.
I've tried setting LD_RUN_PATH, adding "-Wl,-rpath ..." as well as "-R
..." to LDFLAGS. So far nothing succeeds at embedding the
/usr/local/lib64 as a binary supplemental path into the modsec shared
library.
|
|
From: <msd...@15...> - 2012-10-18 18:01:42
|
When using luajit lib, via apache config LoadFIle, what options should modsecurity be compiled with? --with-lua=<lua install prefix, e.g. /usr/local> or --with-lua=no ? On Thu, Oct 18, 2012, at 05:17 AM, Breno Silva Pinto (JIRA) wrote: > > [ > https://www.modsecurity.org/tracker/browse/MODSEC-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Breno Silva Pinto resolved MODSEC-23. > ------------------------------------- > > Resolution: Fixed > > > Investigate LuaJIT > > ------------------ > > > > Key: MODSEC-23 > > URL: https://www.modsecurity.org/tracker/browse/MODSEC-23 > > Project: ModSecurity > > Issue Type: Improvement > > Security Level: Normal > > Reporter: Ivan Ristic > > Assignee: Breno Silva Pinto > > Fix For: 3.0.0 > > > > > > Including LuaJIT with ModSecurity will likely improve performance of Lua scripts. > > -- > This message is automatically generated by JIRA. > For more information on JIRA, see: http://www.atlassian.com/software/jira > > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-10-18 17:41:43
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-23.
-------------------------------------
Resolution: Fixed
> Investigate LuaJIT
> ------------------
>
> Key: MODSEC-23
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-23
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 3.0.0
>
>
> Including LuaJIT with ModSecurity will likely improve performance of Lua scripts.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-10-18 17:23:44
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-343.
--------------------------------------
Resolution: Fixed
> mod_security failed to build against libxml2 >= 2.9.0 [PATCH ATTACHED]
> ----------------------------------------------------------------------
>
> Key: MODSEC-343
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-343
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.7.0
> Environment: Fedora 18 (Alpha/Beta)
> Fedora rawhide (next 19)
> Reporter: Athmane Madjoudj
> Assignee: Breno Silva Pinto
> Fix For: 2.7.1
>
> Attachments: mod_security-fix-build-with-libxml29.patch
>
>
> There's an API change in libxml2 which makes mod_security fail to build (see bellow):
> msc_crypt.c:1082:74: error: dereferencing pointer to incomplete type
> msc_crypt.c:1084:60: error: dereferencing pointer to incomplete type
> msc_crypt.c:1096:55: error: dereferencing pointer to incomplete type
> msc_crypt.c:1106:59: error: dereferencing pointer to incomplete type
> msc_crypt.c:1109:141: error: dereferencing pointer to incomplete type
> msc_crypt.c:1113:56: error: dereferencing pointer to incomplete type
> msc_crypt.c:1125:53: error: dereferencing pointer to incomplete type
> msc_crypt.c:1135:57: error: dereferencing pointer to incomplete type
> msc_crypt.c:1138:136: error: dereferencing pointer to incomplete type
> msc_crypt.c: In function 'do_hash_link':
> msc_crypt.c:1316:17: warning: format '%d' expects argument of type 'int', but argument 5 has type 'size_t' [-Wformat]
> make[2]: *** [mod_security2_la-msc_crypt.lo] Error 1
> make[2]: *** Waiting for unfinished jobs....
> libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/include/libxml2 -DWITH_LUA -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1000000 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1000000 -DREQUEST_EARLY -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -c msc_tree.c -o mod_security2_la-msc_tree.o >/dev/null 2>&1
> make[2]: Leaving directory `/builddir/build/BUILD/modsecurity-apache_2.7.0/apache2'
> make[1]: Leaving directory `/builddir/build/BUILD/modsecurity-apache_2.7.0/apache2'
> make[1]: *** [all] Error 2
> make: *** [all-recursive] Error 1
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: <msd...@15...> - 2012-10-18 03:22:27
|
hi
On Wed, Oct 17, 2012, at 07:59 PM, Breno Silva wrote:
> Hello,
>
> Could you please try to compile using the tarball ? not from the svn
> Let me know what happens.
switching to the release tarball,
cd modsecurity-apache_2.7.0/
sh autogen.sh
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR,
`build'.
libtoolize: copying file `build/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `build'.
libtoolize: copying file `build/libtool.m4'
libtoolize: copying file `build/ltoptions.m4'
libtoolize: copying file `build/ltsugar.m4'
libtoolize: copying file `build/ltversion.m4'
libtoolize: copying file `build/lt~obsolete.m4'
automake: warnings are treated as errors
/usr/share/automake-1.12/am/ltlibrary.am: warning: 'libalp2.la':
linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
alp2/Makefile.am:1: while processing Libtool library
'libalp2.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_security2.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
apache2/Makefile.am:2: while processing Libtool library
'mod_security2.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_op_strstr.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_op_strstr.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_reqbody_example.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_reqbody_example.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_tfn_reverse.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_tfn_reverse.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_var_remote_addr_port.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_var_remote_addr_port.la'
mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with
per-target flags requires 'AM_PROG_CC_C_O' in 'configure.ac'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'standalone.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
standalone/Makefile.am:2: while processing Libtool library
'standalone.la'
autoreconf: automake failed with exit status: 1
automake: warnings are treated as errors
/usr/share/automake-1.12/am/ltlibrary.am: warning: 'libalp2.la':
linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
alp2/Makefile.am:1: while processing Libtool library
'libalp2.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_security2.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
apache2/Makefile.am:2: while processing Libtool library
'mod_security2.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_op_strstr.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_op_strstr.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_reqbody_example.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_reqbody_example.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_tfn_reverse.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_tfn_reverse.la'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'mod_var_remote_addr_port.la': linking libtool libraries using a
non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
ext/Makefile.am:11: while processing Libtool library
'mod_var_remote_addr_port.la'
mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with
per-target flags requires 'AM_PROG_CC_C_O' in 'configure.ac'
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'standalone.la': linking libtool libraries using a non-POSIX
/usr/share/automake-1.12/am/ltlibrary.am: archiver requires
'AM_PROG_AR' in 'configure.ac'
standalone/Makefile.am:2: while processing Libtool library
'standalone.la'
./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local/bin/pcre-config \
--disable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--without-lua \
--enable-strict-compile=no \
--disable-errors --enable-verbose-output
make
ldd /usr/local/apache24x/modules/mod_security2.so*
linux-vdso.so.1 (0x00007fff99ab2000)
libapr-2.so.0 => /usr/local/apache24x/lib/libapr-2.so.0
(0x00007f1588aad000)
libssl.so.1.0.0 => /usr/local/ssl/lib64/libssl.so.1.0.0
(0x00007f1588842000)
libcrypto.so.1.0.0 => /usr/local/ssl/lib64/libcrypto.so.1.0.0
(0x00007f1588457000)
libuuid.so.1 => /usr/lib64/libuuid.so.1 (0x00007f1588252000)
librt.so.1 => /lib64/librt.so.1 (0x00007f1588010000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f1587dd5000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f1587bb9000)
libexpat.so.1 => /usr/lib64/libexpat.so.1 (0x00007f158798e000)
==> libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f1587734000)
libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007f15873d6000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f15871d1000)
liblzma.so.5 => /usr/lib64/liblzma.so.5 (0x00007f1586fab000)
libz.so.1 => /lib64/libz.so.1 (0x00007f1586d95000)
libm.so.6 => /lib64/libm.so.6 (0x00007f1586a9d000)
libc.so.6 => /lib64/libc.so.6 (0x00007f15866f8000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1588f7c000)
that's the wrong pcre lib,
/usr/local/bin/pcre-config --libs --cflags
-L/usr/local/lib64 -lpcre
-I/usr/local/include
also, if you repeat the above with
--enable-docs \
make fails
make
...
/bin/sh ../libtool --tag=CC --mode=link /usr/bin/gcc-4.7
-I/usr/local/apache24x/include -I/usr/include
-I/usr/local/include -O3 -march=amdfam10 -mtune=amdfam10 -fPIC
-DPIC -D_GNU_SOURCE -fno-strict-aliasing -lcrypt -luuid -lrt
-lcrypt -lpthread -ldl -lexpat -L/usr/local/ssl/lib64
-Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto -o mlogc
mlogc-mlogc.o /usr/local/apache24x/lib/libapr-2.la
-L/usr/local/lib64 -lpcre -lcurl
libtool: link: /usr/bin/gcc-4.7 -I/usr/local/apache24x/include
-I/usr/include -I/usr/local/include -O3 -march=amdfam10
-mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
-Wl,-rpath -Wl,/usr/local/ssl/lib64 -o mlogc mlogc-mlogc.o
-L/usr/local/ssl/lib64 /usr/local/apache24x/lib/libapr-2.so
-lssl -lcrypto -luuid -lrt -lcrypt -lpthread -ldl -lexpat
-L/usr/local/lib64 /usr/local/lib64/libpcre.so -lcurl -pthread
-Wl,-rpath -Wl,/usr/local/apache24x/lib -Wl,-rpath
-Wl,/usr/local/apache24x/lib
make[1]: Leaving directory
`/usr/local/src/modsecurity-apache_2.7.0/mlogc'
Making all in docs
/bin/sh: line 17: cd: docs: No such file or directory
make: *** [all-recursive] Error 1
further, if you change the above to remove
- --without-lua \
make again fails, differently,
make
...
mv -f .deps/mod_security2_la-acmp.Tpo
.deps/mod_security2_la-acmp.Plo
/bin/sh ../libtool --tag=CC --mode=compile /usr/bin/gcc-4.7
-DHAVE_CONFIG_H -I. -D_REENTRANT -D_GNU_SOURCE
-I/usr/local/include -I/usr/local/ssl/include -I/usr/include
-I/usr/local/apache24x/include -I/usr/local/apache24x/include
-I/usr/include -I/usr/local/apache24x/include -I/usr/include
-I/usr/local/include -I/usr/include/libxml2 -DWITH_LUA
-DREQUEST_EARLY -O3 -march=amdfam10 -mtune=amdfam10
-fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -MT
mod_security2_la-msc_lua.lo -MD -MP -MF
.deps/mod_security2_la-msc_lua.Tpo -c -o
mod_security2_la-msc_lua.lo `test -f 'msc_lua.c' || echo
'./'`msc_lua.c
libtool: compile: /usr/bin/gcc-4.7 -DHAVE_CONFIG_H -I.
-D_REENTRANT -D_GNU_SOURCE -I/usr/local/include
-I/usr/local/ssl/include -I/usr/include
-I/usr/local/apache24x/include -I/usr/local/apache24x/include
-I/usr/include -I/usr/local/apache24x/include -I/usr/include
-I/usr/local/include -I/usr/include/libxml2 -DWITH_LUA
-DREQUEST_EARLY -O3 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC
-D_GNU_SOURCE -fno-strict-aliasing -MT
mod_security2_la-msc_lua.lo -MD -MP -MF
.deps/mod_security2_la-msc_lua.Tpo -c msc_lua.c -fPIC -DPIC -o
.libs/mod_security2_la-msc_lua.o
msc_lua.c: In function 'lua_restore':
msc_lua.c:82:5: error: too few arguments to function 'lua_load'
In file included from msc_lua.h:23:0,
from msc_lua.c:17:
/usr/include/lua.h:256:16: note: declared here
msc_lua.c: In function 'lua_compile':
msc_lua.c:93:7: warning: assignment makes pointer from integer
without a cast [enabled by default]
msc_lua.c: In function 'lua_execute':
msc_lua.c:414:7: warning: assignment makes pointer from integer
without a cast [enabled by default]
make[2]: *** [mod_security2_la-msc_lua.lo] Error 1
make[2]: Leaving directory
`/usr/local/src/modsecurity-apache_2.7.0/apache2'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/usr/local/src/modsecurity-apache_2.7.0/apache2'
make: *** [all-recursive] Error 1
|
|
From: Diego E. P. <fla...@gm...> - 2012-10-17 23:07:09
|
On 17/10/2012 06:59, Muenz, Michael wrote: > Rules are from the current ruleset and work with 2.6.6, no more > information in the apache error log. This is not limited to the SLR rules; some optional and experimental rules have problems as well. For reference, about around rc1 I wrote a script to validate my ruleset (which needed, though, some extra fixes). You can find it at https://github.com/Flameeyes/modsec-flameeyes/blob/master/verify.rb if you want. I have tweaked it this morning to get it to run properly over the CRS, but there might still be a few kinks that require manual intervention, it should be fine though. -- Diego Elio Pettenò — Flameeyes fla...@fl... — http://blog.flameeyes.eu/ |
|
From: <msd...@15...> - 2012-10-17 22:46:43
|
We're asked to send bugs to this list. So just relabeling as "[BUG]" ... On Tue, Oct 16, 2012, at 11:41 PM, msd...@15... wrote: > Noting the new 2.7 release, switching to 2.7.x branch, > > svn info > Path: . > Working Copy Root Path: /usr/local/src/modsecurity > URL: > https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/branches/2.7.x > Repository Root: > https://mod-security.svn.sourceforge.net/svnroot/mod-security > Repository UUID: 9017d574-64ec-4062-9424-5e00b32a252b > Revision: 2088 > Node Kind: directory > Schedule: normal > Last Changed Author: brenosilva > Last Changed Rev: 2087 > Last Changed Date: 2012-10-16 06:16:14 -0700 (Tue, 16 > Oct 2012) > > even with, > > > removing "-Wall -Werror" from automake init, > > > > perl -pi -e 's|^(AM_INIT_AUTOMAKE\(\[).*(\]\))|$1foreign$2|g' configure.ac > > as before, now, it won't build copmletely at all; `make` now fails @ > > ... > Making all in mlogc > make[1]: Entering directory `/usr/local/src/modsecurity/mlogc' > /usr/bin/gcc-4.7 -DHAVE_CONFIG_H -I. -I../apache2 -D_REENTRANT > -D_GNU_SOURCE -I../apache2 -I/usr/local/include > -I/usr/local/ssl/include -I/usr/include > -I/usr/local/apache24x/include -I/usr/include > -I/usr/local/include -O3 -march=amdfam10 -mtune=amdfam10 -fPIC > -DPIC -D_GNU_SOURCE -fno-strict-aliasing -MT mlogc-mlogc.o -MD > -MP -MF .deps/mlogc-mlogc.Tpo -c -o mlogc-mlogc.o `test -f > 'mlogc.c' || echo './'`mlogc.c > mv -f .deps/mlogc-mlogc.Tpo .deps/mlogc-mlogc.Po > /bin/sh ../libtool --tag=CC --mode=link /usr/bin/gcc-4.7 > -I/usr/local/apache24x/include -I/usr/include > -I/usr/local/include -O3 -march=amdfam10 -mtune=amdfam10 -fPIC > -DPIC -D_GNU_SOURCE -fno-strict-aliasing -lcrypt -luuid -lrt > -lcrypt -lpthread -ldl -lexpat -L/usr/local/ssl/lib64 > -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto -o mlogc > mlogc-mlogc.o /usr/local/apache24x/lib/libapr-2.la > -L/usr/local/lib64 -lpcre -lcurl > libtool: link: /usr/bin/gcc-4.7 -I/usr/local/apache24x/include > -I/usr/include -I/usr/local/include -O3 -march=amdfam10 > -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing > -Wl,-rpath -Wl,/usr/local/ssl/lib64 -o mlogc mlogc-mlogc.o > -L/usr/local/ssl/lib64 /usr/local/apache24x/lib/libapr-2.so > -lssl -lcrypto -luuid -lrt -lcrypt -lpthread -ldl -lexpat > -L/usr/local/lib64 /usr/local/lib64/libpcre.so -lcurl -pthread > -Wl,-rpath -Wl,/usr/local/apache24x/lib -Wl,-rpath > -Wl,/usr/local/apache24x/lib > make[1]: Leaving directory `/usr/local/src/modsecurity/mlogc' > Making all in docs > /bin/sh: line 17: cd: docs: No such file or directory > make: *** [all-recursive] Error 1 > > > On Sun, Oct 14, 2012, at 10:24 AM, msd...@15... wrote: > > Hi > > > > Building latest mod-security, > > > > svn co > > https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/branches/2.6.x > > modsecurity > > cd /usr/local/src/modsecurity > > svn info > > Path: . > > Working Copy Root Path: /usr/local/src/modsecurity > > URL: > > https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/branches/2.6.x > > Repository Root: > > https://mod-security.svn.sourceforge.net/svnroot/mod-security > > Repository UUID: 9017d574-64ec-4062-9424-5e00b32a252b > > Revision: 2079 > > Node Kind: directory > > Schedule: normal > > Last Changed Author: brenosilva > > Last Changed Rev: 2064 > > Last Changed Date: 2012-09-25 07:02:50 -0700 (Tue, 25 > > Sep 2012) > > > > I see a number of configure & build failures. > > > > On linux/64 with > > > > gcc -v | grep version > > Using built-in specs. > > COLLECT_GCC=/usr/bin/gcc-4.7 > > COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/4.7/lto-wrapper > > Target: x86_64-suse-linux > > Configured with: ../configure --prefix=/usr > > --infodir=/usr/share/info --mandir=/usr/share/man > > --libdir=/usr/lib64 --libexecdir=/usr/lib64 > > --enable-languages=c,c++,objc,fortran,obj-c++,java,ada > > --enable-checking=release > > --with-gxx-include-dir=/usr/include/c++/4.7 --enable-ssp > > --disable-libssp --disable-libitm --disable-plugin > > --with-bugurl=http://bugs.opensuse.org/ > > --with-pkgversion='SUSE Linux' --disable-libgcj > > --disable-libmudflap --with-slibdir=/lib64 > > --with-system-zlib --enable-__cxa_atexit > > --enable-libstdcxx-allocator=new --disable-libstdcxx-pch > > --enable-version-specific-runtime-libs > > --enable-linker-build-id --program-suffix=-4.7 > > --enable-linux-futex --without-system-libunwind > > --with-arch-32=i586 --with-tune=generic > > --build=x86_64-suse-linux > > Thread model: posix > > gcc version 4.7.2 20120920 [gcc-4_7-branch revision > > 191568] (SUSE Linux) > > > > > > and ENV including > > > > echo -e $CFLAGS "\n" $CXXFLAGS "\n" $LDFLAGS "\n" $CPPFLAGS > > -O3 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC > > -D_GNU_SOURCE -fno-strict-aliasing > > -O3 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC > > -D_GNU_SOURCE -fno-strict-aliasing > > -L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 > > -lssl -lcrypto > > -I/usr/local/include -I/usr/local/ssl/include > > -I/usr/include > > > > 'autogen.sh' complains > > > > sh autogen.sh > > > > libtoolize: putting auxiliary files in > > AC_CONFIG_AUX_DIR, `build'. > > libtoolize: copying file `build/ltmain.sh' > > libtoolize: putting macros in AC_CONFIG_MACRO_DIR, > > `build'. > > libtoolize: copying file `build/libtool.m4' > > libtoolize: copying file `build/ltoptions.m4' > > libtoolize: copying file `build/ltsugar.m4' > > libtoolize: copying file `build/ltversion.m4' > > libtoolize: copying file `build/lt~obsolete.m4' > > configure.ac:20: installing 'build/config.guess' > > configure.ac:20: installing 'build/config.sub' > > configure.ac:17: installing 'build/install-sh' > > configure.ac:17: installing 'build/missing' > > automake: warnings are treated as errors > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'libalp2.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > alp2/Makefile.am:1: while processing Libtool library > > 'libalp2.la' > > alp2/Makefile.am: installing 'build/depcomp' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_security2.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > apache2/Makefile.am:2: while processing Libtool > > library 'mod_security2.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_op_strstr.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_op_strstr.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_reqbody_example.la': linking libtool libraries > > using a non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_reqbody_example.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_tfn_reverse.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_tfn_reverse.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_var_remote_addr_port.la': linking libtool libraries > > using a non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_var_remote_addr_port.la' > > mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with > > per-target flags requires 'AM_PROG_CC_C_O' in > > 'configure.ac' > > autoreconf: automake failed with exit status: 1 > > automake: warnings are treated as errors > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'libalp2.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > alp2/Makefile.am:1: while processing Libtool library > > 'libalp2.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_security2.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > apache2/Makefile.am:2: while processing Libtool > > library 'mod_security2.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_op_strstr.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_op_strstr.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_reqbody_example.la': linking libtool libraries > > using a non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_reqbody_example.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_tfn_reverse.la': linking libtool libraries using a > > non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_tfn_reverse.la' > > /usr/share/automake-1.12/am/ltlibrary.am: warning: > > 'mod_var_remote_addr_port.la': linking libtool libraries > > using a non-POSIX > > /usr/share/automake-1.12/am/ltlibrary.am: archiver > > requires 'AM_PROG_AR' in 'configure.ac' > > ext/Makefile.am:11: while processing Libtool library > > 'mod_var_remote_addr_port.la' > > mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with > > per-target flags requires 'AM_PROG_CC_C_O' in > > 'configure.ac' > > > > causing a subsequent 'configure' > > > > ./configure \ > > --enable-shared --disable-static \ > > --enable-apache2-module \ > > --with-apxs=/usr/local/apache24x/bin/apxs \ > > --with-apr=/usr/local/apache24x/bin/apr-2-config \ > > --with-apu=/usr/local/apache24x/bin/apr-2-config \ > > --with-pcre=/usr/local/bin/pcre-config > > --enable-strict-compile=no > > > > to FAIL, > > > > ... > > checking if libcurl is linked with gnutls... no > > configure: using curl v7.25.0 > > checking that generated files are newer than configure... done > > configure: creating ./config.status > > config.status: creating Makefile > > config.status: error: cannot find input file: > > `tools/Makefile.in' > > > > removing "-Wall -Werror" from automake init, > > > > perl -pi -e 's|^(AM_INIT_AUTOMAKE\(\[).*(\]\))|$1foreign$2|g' > > configure.ac > > > > quiets down autgen.sh > > > > make clean > > sh autogen.sh > > libtoolize: putting auxiliary files in > > AC_CONFIG_AUX_DIR, `build'. > > libtoolize: copying file `build/ltmain.sh' > > libtoolize: putting macros in AC_CONFIG_MACRO_DIR, > > `build'. > > libtoolize: copying file `build/libtool.m4' > > libtoolize: copying file `build/ltoptions.m4' > > libtoolize: copying file `build/ltsugar.m4' > > libtoolize: copying file `build/ltversion.m4' > > libtoolize: copying file `build/lt~obsolete.m4' > > > > and enables configure, > > > > ./configure \ > > --enable-shared --disable-static \ > > --enable-apache2-module \ > > --with-apxs=/usr/local/apache24x/bin/apxs \ > > --with-apr=/usr/local/apache24x/bin/apr-2-config \ > > --with-apu=/usr/local/apache24x/bin/apr-2-config \ > > --with-pcre=/usr/local/bin/pcre-config \ > > --enable-strict-compile=no > > > > to complete. but now subsequent 'make' FAILS, > > ... > > msc_lua.c: In function 'lua_restore': > > msc_lua.c:82:5: error: too few arguments to function 'lua_load' > > In file included from msc_lua.h:23:0, > > from msc_lua.c:17: > > /usr/include/lua.h:256:16: note: declared here > > msc_lua.c: In function 'lua_compile': > > msc_lua.c:93:7: warning: assignment makes pointer from integer > > without a cast [enabled by default] > > msc_lua.c: In function 'lua_execute': > > msc_lua.c:408:7: warning: assignment makes pointer from integer > > without a cast [enabled by default] > > make[2]: *** [mod_security2_la-msc_lua.lo] Error 1 > > make[2]: Leaving directory `/usr/local/src/modsecurity/apache2' > > make[1]: *** [all] Error 2 > > make[1]: Leaving directory `/usr/local/src/modsecurity/apache2' > > make: *** [all-recursive] Error 1 > > > > disabling 'lua' > > > > ./configure \ > > --enable-shared --disable-static \ > > --enable-apache2-module \ > > --with-apxs=/usr/local/apache24x/bin/apxs \ > > --with-apr=/usr/local/apache24x/bin/apr-2-config \ > > --with-apu=/usr/local/apache24x/bin/apr-2-config \ > > --with-pcre=/usr/local/bin/pcre-config \ > > --enable-strict-compile=no \ > > + --without-lua > > > > fixes that. 'make' completes, but, > > > > ldd ./apache2/.libs/mod_security2.so > > linux-vdso.so.1 (0x00007fff7c5b7000) > > libapr-2.so.0 => /usr/local/apache24x/lib/libapr-2.so.0 > > (0x00007f7577602000) > > libssl.so.1.0.0 => /usr/local/ssl/lib64/libssl.so.1.0.0 > > (0x00007f7577397000) > > libcrypto.so.1.0.0 => /usr/local/ssl/lib64/libcrypto.so.1.0.0 > > (0x00007f7576fac000) > > libuuid.so.1 => /usr/lib64/libuuid.so.1 (0x00007f7576da7000) > > librt.so.1 => /lib64/librt.so.1 (0x00007f7576b65000) > > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f757692a000) > > libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f757670e000) > > libexpat.so.1 => /usr/lib64/libexpat.so.1 (0x00007f75764e3000) > > !! libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f7576289000) > > libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007f7575f2b000) > > libdl.so.2 => /lib64/libdl.so.2 (0x00007f7575d26000) > > liblzma.so.5 => /usr/lib64/liblzma.so.5 (0x00007f7575b00000) > > libz.so.1 => /lib64/libz.so.1 (0x00007f75758ea000) > > libm.so.6 => /lib64/libm.so.6 (0x00007f75755f2000) > > libc.so.6 => /lib64/libc.so.6 (0x00007f757524d000) > > /lib64/ld-linux-x86-64.so.2 (0x00007f7577ac3000) > > > > > > the lib is linked against an incorrect 'libpcre' > > > > libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f7576289000) > > > > since > > > > ... > > --with-pcre=/usr/local/bin/pcre-config \ > > ... > > > > should link against > > > > /usr/local/bin/pcre-config --libs --cflags > > -L/usr/local/lib64 -lpcre > > -I/usr/local/include > > ls -al /usr/local/lib64/libpcre.so* > > lrwxrwxrwx 1 root root 16 Oct 13 21:35 > > /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1* > > lrwxrwxrwx 1 root root 16 Oct 13 21:35 > > /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1* > > -rwxr-xr-x 1 root root 573K Oct 13 21:35 > > /usr/local/lib64/libpcre.so.1.0.1* > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Breno S. <bre...@gm...> - 2012-10-17 14:34:41
|
Hello Michael, This is an issue in the Core Ruleset and it is maintained by https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project Please submit this issue to CRS project list. Thanks Breno On Wed, Oct 17, 2012 at 8:59 AM, Muenz, Michael <m....@sp...>wrote: > Hey Dev-Team, > > just updated to 2.7.0 and got this error while running apachectl > configtest: > > Syntax error on line 17 of > > /etc/apache2/modsecurity/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf: > ModSecurity: No action id present within the rule > Action 'configtest' failed. > The Apache error log may have more information. > > Rules are from the current ruleset and work with 2.6.6, no more > information in the apache error log. > > Best regards > Michael > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Muenz, M. <m....@sp...> - 2012-10-17 14:00:06
|
Hey Dev-Team, just updated to 2.7.0 and got this error while running apachectl configtest: Syntax error on line 17 of /etc/apache2/modsecurity/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf: ModSecurity: No action id present within the rule Action 'configtest' failed. The Apache error log may have more information. Rules are from the current ruleset and work with 2.6.6, no more information in the apache error log. Best regards Michael |
10 messages has been excluded from this view by a project administrator.
