mod-security-developers Mailing List for ModSecurity (Page 31)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers — Development discussion about mod_security
You can subscribe to this list here.
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(8) |
Aug
(2) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(12) |
Mar
(42) |
Apr
(68) |
May
(30) |
Jun
(50) |
Jul
(17) |
Aug
(3) |
Sep
(5) |
Oct
(7) |
Nov
(3) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(11) |
Mar
(37) |
Apr
|
May
(21) |
Jun
(21) |
Jul
(12) |
Aug
(41) |
Sep
(19) |
Oct
(31) |
Nov
(24) |
Dec
(10) |
| 2013 |
Jan
(12) |
Feb
(18) |
Mar
(3) |
Apr
(8) |
May
(35) |
Jun
(5) |
Jul
(38) |
Aug
(5) |
Sep
(2) |
Oct
(4) |
Nov
(11) |
Dec
(6) |
| 2014 |
Jan
(3) |
Feb
(12) |
Mar
(11) |
Apr
(18) |
May
(2) |
Jun
(1) |
Jul
(11) |
Aug
(5) |
Sep
|
Oct
(15) |
Nov
(13) |
Dec
(9) |
| 2015 |
Jan
(2) |
Feb
(8) |
Mar
(7) |
Apr
(3) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(11) |
Oct
(14) |
Nov
(4) |
Dec
(1) |
| 2016 |
Jan
(11) |
Feb
(19) |
Mar
(20) |
Apr
(6) |
May
(3) |
Jun
(17) |
Jul
(5) |
Aug
|
Sep
(7) |
Oct
(2) |
Nov
(2) |
Dec
(12) |
| 2017 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
(3) |
Oct
(1) |
Nov
|
Dec
(15) |
| 2018 |
Jan
(13) |
Feb
(2) |
Mar
(14) |
Apr
(9) |
May
|
Jun
(6) |
Jul
(3) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
(13) |
Dec
(1) |
| 2019 |
Jan
(2) |
Feb
(9) |
Mar
(28) |
Apr
(4) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
(2) |
| 2020 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(3) |
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
(10) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-05-10 23:48:28
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-295.
--------------------------------------
Resolution: Fixed
> Wrong Client IP with Reverse Proxy Apache 2.4
> ---------------------------------------------
>
> Key: MODSEC-295
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-295
> Project: ModSecurity
> Issue Type: New Feature
> Security Level: Normal
> Components: Core
> Affects Versions: 2.6.5
> Environment: Win
> Reporter: Steffen
> Assignee: Breno Silva Pinto
> Priority: High
> Fix For: 2.7.0
>
>
> I am using ProxyPass and using in the backend host with Apache 2.4 mod_remoteip with RemoteIPHeader X-Forwarded-For:
> RemoteIPHeader X-Forwarded-For
> RemoteIPTrustedProxy 127.0.0.1
>
> Now logs mod_security as client 127.0.0.1 instead of the real client IP as used, not sure if in other area's of mod_security it is taken the wrong IP.
>
> [Sat Mar 24 11:30:52.640097 2012] [remoteip:info] [pid 628:tid 1472] [client 188.93.10.56:50800] Using 188.93.10.56 as client's IP by proxies 127.0.0.1
>
> [Sat Mar 24 11:30:52.640097 2012] [:error] [pid 628:tid 1472] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.\\\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "473"] [id "50904"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.land10web.com"] [uri "/"] [unique_id "T22iXMCoAQQAAAJ0x4cAAAB3"]
> It is related to MODSEC-158 which was based Apache 2.3 , and not on Apache 2.4 with the API IP changes.
> Steffen
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-05-10 23:48:28
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-179.
--------------------------------------
Resolution: Won't Fix
> Rule removal by marked section
> ------------------------------
>
> Key: MODSEC-179
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-179
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Components: Configuration
> Affects Versions: 2.5.12
> Environment: CentOS release 5.5 (Final)
> mod_security-2.5.12-1.el5 (EPEL)
> Reporter: George Notaras
> Assignee: Breno Silva Pinto
> Fix For: 2.7.0
>
>
> A configuration directive that would allow the user to remove all the rules between two SecMarker directives would be very convenient, especially in cases that a large group of rules should be removed in a particular context.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-05-10 23:41:48
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-206.
--------------------------------------
Resolution: Incomplete
> Sanitize XML
> ------------
>
> Key: MODSEC-206
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-206
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Components: Core
> Environment: ALL
> Reporter: Guillermo Caminer
> Assignee: Breno Silva Pinto
> Fix For: 2.7.0
>
>
> Sainitize XML payload (ex. Web Services credentials in a SOAP Envelope)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Peter V. <pv...@re...> - 2012-03-30 11:21:01
|
Hi all, I'd like to share with you a report from coverity[1] scan against mod_security-2.6.5. Please see the attachment. Regards, Peter. [1]: http://www.coverity.com |
|
From: Alberto G. I. <ag...@in...> - 2012-03-21 16:48:38
|
The Dependency should be downloaded for you by apt (that's liblua5.1-0). What you may also need is the lua5.1 package which is not on the Depends field of the package since it's not required for it to work, but I will add it to the Recommends field. Regards, Alberto On Wed, Mar 21, 2012 at 10:11:56AM -0500, Ryan Barnett wrote: > I will check on it again today. I am preparing instructions for an OWASP training class I am giving soon. I think that maybe I didn't have the liblua so package installed. Do you know the right package name for it? > > Ryan > > On Mar 21, 2012, at 11:08 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > > > On Mon, Mar 19, 2012 at 08:20:18AM -0500, Ryan Barnett wrote: > >> Here you go - > >> > >> # dpkg -p libapache-mod-security > > > > | grep Depends > > > >> Depends: mod-security-common (= 2.5.11-1), apache2.2-common, libxml2 (>= > >> 2.7.4), libc6 (>= 2.4), liblua5.1-0, libpcre3 (>= 7.7) > > > > That should have lua support. > > > > Regards, > > > > Alberto > > > > (I replied you off-list but don't know it you got it) > > -- > > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > > Encrypted mail preferred | http://inittab.com > > > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > > Try Windows Azure free for 90 days Click Here > > http://p.sf.net/sfu/sfd2d-msazure > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
|
From: Ryan B. <RBa...@tr...> - 2012-03-21 15:12:09
|
I will check on it again today. I am preparing instructions for an OWASP training class I am giving soon. I think that maybe I didn't have the liblua so package installed. Do you know the right package name for it? Ryan On Mar 21, 2012, at 11:08 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > On Mon, Mar 19, 2012 at 08:20:18AM -0500, Ryan Barnett wrote: >> Here you go - >> >> # dpkg -p libapache-mod-security > > | grep Depends > >> Depends: mod-security-common (= 2.5.11-1), apache2.2-common, libxml2 (>= >> 2.7.4), libc6 (>= 2.4), liblua5.1-0, libpcre3 (>= 7.7) > > That should have lua support. > > Regards, > > Alberto > > (I replied you off-list but don't know it you got it) > -- > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > Encrypted mail preferred | http://inittab.com > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Alberto G. I. <ag...@in...> - 2012-03-21 15:08:25
|
On Mon, Mar 19, 2012 at 08:20:18AM -0500, Ryan Barnett wrote: > Here you go - > > # dpkg -p libapache-mod-security | grep Depends > Depends: mod-security-common (= 2.5.11-1), apache2.2-common, libxml2 (>= > 2.7.4), libc6 (>= 2.4), liblua5.1-0, libpcre3 (>= 7.7) That should have lua support. Regards, Alberto (I replied you off-list but don't know it you got it) -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
|
From: Breno S. <bre...@gm...> - 2012-03-21 13:06:28
|
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.5 Release. The stability of this release must be good and it includes some bug fixes. We increased the debug log level for some messages includes in the last release. Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod...@li.... |
|
From: Ryan B. <RBa...@tr...> - 2012-03-19 13:20:30
|
Here you go -
# dpkg -p libapache-mod-security
Package: libapache-mod-security
Priority: optional
Section: httpd
Installed-Size: 328
Maintainer: Ubuntu Developers <ubu...@li...>
Architecture: i386
Version: 2.5.11-1
Replaces: libapache2-mod-security2
Provides: libapache2-mod-security2
Depends: mod-security-common (= 2.5.11-1), apache2.2-common, libxml2 (>=
2.7.4), libc6 (>= 2.4), liblua5.1-0, libpcre3 (>= 7.7)
Size: 113548
Description: Tighten web applications security for Apache
Mod_security is an Apache module whose purpose is to tighten the Web
application security. Effectively, it is an intrusion detection and
prevention
system for the web server.
.
At the moment its main features are:
* Audit log; store full request details in a separate file, including
POST
payloads.
* Request filtering; incoming requests can be analysed and offensive
requests
can be rejected (or simply logged, if that is what you want). This
feature
can be used to prevent many types of attacks (e.g. XSS attacks, SQL
injection, ...) and even allow you to run insecure applications on
your
servers (if you have no other choice, of course).
.
In addition to this package the mod-security-common package, which
includes
documentation and configuration examples, will be installed.
Original-Maintainer: Alberto Gonzalez Iniesta <ag...@in...>
On 3/17/12 7:39 PM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote:
>My debs are the ones shipped with Debian. No need to add an extra repo.
>Could you send me (off-list) the output from 'dpkg -p
>$(YOUR_MODSEC_PACKAGE)?
>2.5.12 was present in Squeeze and still called libapache2-mod-security2,
>it shoud have Lua support.
>
>
>On Sat, Mar 17, 2012 at 12:39:19PM -0500, Ryan Barnett wrote:
>> No nothing specific. I was just testing the v2.5.12 version I got after
>>apt-get install libapache2-modsecurity and it didn't have Lua support.
>>
>> Perhaps I should add your repo to my sources.list file... What is your
>>deb?
>>
>> Ryan
>>
>> On Mar 17, 2012, at 1:35 PM, "Alberto Gonzalez Iniesta"
>><ag...@in...> wrote:
>>
>> > Hi Ryan,
>> >
>> > Yes. Anything I should be careful with?
>> >
>> > Regards,
>> >
>> > Alberto
>> >
>> > On Sat, Mar 17, 2012 at 11:22:55AM -0500, Ryan Barnett wrote:
>> >> Alberto,
>> >> When you create the ModSecurity package, do you add Lua support?
>> >>
>> >> Ryan
>> >>
>> >> On Mar 16, 2012, at 9:53 AM, "Alberto Gonzalez Iniesta"
>><ag...@in...> wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This
>>file
>> >>> is removed on "make distclean", which in turn messes up with those
>> >>> dealing with the sources on a VCS (i.e. git) for packaging. Could
>>it be
>> >>> removed (as it was before 2.6.4) in next releases?
>> >>>
>> >>> Thanks a lot,
>> >>>
>> >>> Alberto
>> >>>
>> >>> --
>> >>> Alberto Gonzalez Iniesta | Formación, consultoría y soporte
>>técnico
>> >>> agi@(inittab.org|debian.org)| en GNU/Linux y software libre
>> >>> Encrypted mail preferred | http://inittab.com
>> >>>
>> >>> Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
>> >>>
>> >>>
>>-------------------------------------------------------------------------
>>-----
>> >>> This SF email is sponsosred by:
>> >>> Try Windows Azure free for 90 days Click Here
>> >>> http://p.sf.net/sfu/sfd2d-msazure
>> >>> _______________________________________________
>> >>> mod-security-developers mailing list
>> >>> mod...@li...
>> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> >>> ModSecurity Services from Trustwave's SpiderLabs:
>> >>> https://www.trustwave.com/spiderLabs.php
>> >>>
>> >>
>> >> This transmission may contain information that is privileged,
>>confidential, and/or exempt from disclosure under applicable law. If you
>>are not the intended recipient, you are hereby notified that any
>>disclosure, copying, distribution, or use of the information contained
>>herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
>>received this transmission in error, please immediately contact the
>>sender and destroy the material in its entirety, whether in electronic
>>or hard copy format.
>> >>
>>-------------------------------------------------------------------------
>>-----
>> >> This SF email is sponsosred by:
>> >> Try Windows Azure free for 90 days Click Here
>> >> http://p.sf.net/sfu/sfd2d-msazure
>> >> _______________________________________________
>> >> mod-security-developers mailing list
>> >> mod...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> >> ModSecurity Services from Trustwave's SpiderLabs:
>> >> https://www.trustwave.com/spiderLabs.php
>> >
>> > --
>> > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
>> > agi@(inittab.org|debian.org)| en GNU/Linux y software libre
>> > Encrypted mail preferred | http://inittab.com
>> >
>> > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
>> >
>> >
>>-------------------------------------------------------------------------
>>-----
>> > This SF email is sponsosred by:
>> > Try Windows Azure free for 90 days Click Here
>> > http://p.sf.net/sfu/sfd2d-msazure
>> > _______________________________________________
>> > mod-security-developers mailing list
>> > mod...@li...
>> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> > ModSecurity Services from Trustwave's SpiderLabs:
>> > https://www.trustwave.com/spiderLabs.php
>> >
>>
>> This transmission may contain information that is privileged,
>>confidential, and/or exempt from disclosure under applicable law. If you
>>are not the intended recipient, you are hereby notified that any
>>disclosure, copying, distribution, or use of the information contained
>>herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
>>received this transmission in error, please immediately contact the
>>sender and destroy the material in its entirety, whether in electronic
>>or hard copy format.
>>
>>-------------------------------------------------------------------------
>>-----
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php
>
>--
>Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
>agi@(inittab.org|debian.org)| en GNU/Linux y software libre
>Encrypted mail preferred | http://inittab.com
>
>Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
>
>--------------------------------------------------------------------------
>----
>This SF email is sponsosred by:
>Try Windows Azure free for 90 days Click Here
>http://p.sf.net/sfu/sfd2d-msazure
>_______________________________________________
>mod-security-developers mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>ModSecurity Services from Trustwave's SpiderLabs:
>https://www.trustwave.com/spiderLabs.php
>
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
|
|
From: Alberto G. I. <ag...@in...> - 2012-03-17 23:39:46
|
My debs are the ones shipped with Debian. No need to add an extra repo. Could you send me (off-list) the output from 'dpkg -p $(YOUR_MODSEC_PACKAGE)? 2.5.12 was present in Squeeze and still called libapache2-mod-security2, it shoud have Lua support. On Sat, Mar 17, 2012 at 12:39:19PM -0500, Ryan Barnett wrote: > No nothing specific. I was just testing the v2.5.12 version I got after apt-get install libapache2-modsecurity and it didn't have Lua support. > > Perhaps I should add your repo to my sources.list file... What is your deb? > > Ryan > > On Mar 17, 2012, at 1:35 PM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > > > Hi Ryan, > > > > Yes. Anything I should be careful with? > > > > Regards, > > > > Alberto > > > > On Sat, Mar 17, 2012 at 11:22:55AM -0500, Ryan Barnett wrote: > >> Alberto, > >> When you create the ModSecurity package, do you add Lua support? > >> > >> Ryan > >> > >> On Mar 16, 2012, at 9:53 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > >> > >>> Hi, > >>> > >>> Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file > >>> is removed on "make distclean", which in turn messes up with those > >>> dealing with the sources on a VCS (i.e. git) for packaging. Could it be > >>> removed (as it was before 2.6.4) in next releases? > >>> > >>> Thanks a lot, > >>> > >>> Alberto > >>> > >>> -- > >>> Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > >>> agi@(inittab.org|debian.org)| en GNU/Linux y software libre > >>> Encrypted mail preferred | http://inittab.com > >>> > >>> Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > >>> > >>> ------------------------------------------------------------------------------ > >>> This SF email is sponsosred by: > >>> Try Windows Azure free for 90 days Click Here > >>> http://p.sf.net/sfu/sfd2d-msazure > >>> _______________________________________________ > >>> mod-security-developers mailing list > >>> mod...@li... > >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >>> ModSecurity Services from Trustwave's SpiderLabs: > >>> https://www.trustwave.com/spiderLabs.php > >>> > >> > >> This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > >> ------------------------------------------------------------------------------ > >> This SF email is sponsosred by: > >> Try Windows Azure free for 90 days Click Here > >> http://p.sf.net/sfu/sfd2d-msazure > >> _______________________________________________ > >> mod-security-developers mailing list > >> mod...@li... > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> ModSecurity Services from Trustwave's SpiderLabs: > >> https://www.trustwave.com/spiderLabs.php > > > > -- > > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > > Encrypted mail preferred | http://inittab.com > > > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > > Try Windows Azure free for 90 days Click Here > > http://p.sf.net/sfu/sfd2d-msazure > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
|
From: Ryan B. <RBa...@tr...> - 2012-03-17 17:39:34
|
No nothing specific. I was just testing the v2.5.12 version I got after apt-get install libapache2-modsecurity and it didn't have Lua support. Perhaps I should add your repo to my sources.list file... What is your deb? Ryan On Mar 17, 2012, at 1:35 PM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > Hi Ryan, > > Yes. Anything I should be careful with? > > Regards, > > Alberto > > On Sat, Mar 17, 2012 at 11:22:55AM -0500, Ryan Barnett wrote: >> Alberto, >> When you create the ModSecurity package, do you add Lua support? >> >> Ryan >> >> On Mar 16, 2012, at 9:53 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: >> >>> Hi, >>> >>> Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file >>> is removed on "make distclean", which in turn messes up with those >>> dealing with the sources on a VCS (i.e. git) for packaging. Could it be >>> removed (as it was before 2.6.4) in next releases? >>> >>> Thanks a lot, >>> >>> Alberto >>> >>> -- >>> Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico >>> agi@(inittab.org|debian.org)| en GNU/Linux y software libre >>> Encrypted mail preferred | http://inittab.com >>> >>> Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 >>> >>> ------------------------------------------------------------------------------ >>> This SF email is sponsosred by: >>> Try Windows Azure free for 90 days Click Here >>> http://p.sf.net/sfu/sfd2d-msazure >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >>> >> >> This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > -- > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > Encrypted mail preferred | http://inittab.com > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Alberto G. I. <ag...@in...> - 2012-03-17 17:35:14
|
Hi Ryan, Yes. Anything I should be careful with? Regards, Alberto On Sat, Mar 17, 2012 at 11:22:55AM -0500, Ryan Barnett wrote: > Alberto, > When you create the ModSecurity package, do you add Lua support? > > Ryan > > On Mar 16, 2012, at 9:53 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > > > Hi, > > > > Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file > > is removed on "make distclean", which in turn messes up with those > > dealing with the sources on a VCS (i.e. git) for packaging. Could it be > > removed (as it was before 2.6.4) in next releases? > > > > Thanks a lot, > > > > Alberto > > > > -- > > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > > Encrypted mail preferred | http://inittab.com > > > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > > Try Windows Azure free for 90 days Click Here > > http://p.sf.net/sfu/sfd2d-msazure > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
|
From: Ryan B. <RBa...@tr...> - 2012-03-17 16:23:11
|
Alberto, When you create the ModSecurity package, do you add Lua support? Ryan On Mar 16, 2012, at 9:53 AM, "Alberto Gonzalez Iniesta" <ag...@in...> wrote: > Hi, > > Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file > is removed on "make distclean", which in turn messes up with those > dealing with the sources on a VCS (i.e. git) for packaging. Could it be > removed (as it was before 2.6.4) in next releases? > > Thanks a lot, > > Alberto > > -- > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > Encrypted mail preferred | http://inittab.com > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Breno S. <bre...@gm...> - 2012-03-16 14:58:12
|
Sure.. thanks On Fri, Mar 16, 2012 at 8:52 AM, Alberto Gonzalez Iniesta <ag...@in...>wrote: > Hi, > > Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file > is removed on "make distclean", which in turn messes up with those > dealing with the sources on a VCS (i.e. git) for packaging. Could it be > removed (as it was before 2.6.4) in next releases? > > Thanks a lot, > > Alberto > > -- > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > agi@(inittab.org|debian.org)| en GNU/Linux y software libre > Encrypted mail preferred | http://inittab.com > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Alberto G. I. <ag...@in...> - 2012-03-16 13:53:00
|
Hi, Tarball for 2.6.4 contains apache2/modsecurity_config_auto.h. This file is removed on "make distclean", which in turn messes up with those dealing with the sources on a VCS (i.e. git) for packaging. Could it be removed (as it was before 2.6.4) in next releases? Thanks a lot, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
|
From: Breno S. <bre...@gm...> - 2012-03-15 11:51:52
|
Yes i fixed all in svn. On 3/15/12, Netstar S.r.l. <in...@ne...> wrote: > Same problem with: > > ModSecurity: collections_remove_staleCan you verify?----- Original > Message ----- > From: "Breno Silva Pinto (JIRA)" <no...@mo...> > To: <mod...@li...> > Sent: Wednesday, March 14, 2012 6:50 AM > Subject: [Mod-security-developers] [JIRA] Resolved: (MODSEC-293) Debug > logging marked as level 1 causing log files to fill quickly > > >> >> [ >> https://www.modsecurity.org/tracker/browse/MODSEC-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel >> ] >> >> Breno Silva Pinto resolved MODSEC-293. >> -------------------------------------- >> >> Resolution: Fixed >> >>> Debug logging marked as level 1 causing log files to fill quickly >>> ----------------------------------------------------------------- >>> >>> Key: MODSEC-293 >>> URL: >>> https://www.modsecurity.org/tracker/browse/MODSEC-293 >>> Project: ModSecurity >>> Issue Type: Bug >>> Security Level: Normal >>> Components: Core >>> Affects Versions: 2.6.4 >>> Environment: EL6 x64, tarball downloaded from >>> http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.6.4/modsecurity-apache_2.6.4.tar.gz/download >>> Reporter: Joel Caplin >>> Assignee: Breno Silva Pinto >>> Priority: High >>> Fix For: 2.6.5 >>> >>> Attachments: persist_dbm-log.patch >>> >>> >>> Line 113, apache2/persist_dbm.c logs an informational string as log level >>> >>> 1. This is causing my error log and audit log to fill up very quickly >>> even when there are no "bad things" happening. >>> Attached is a proposed patch which turns the message into sev 9 and >>> checks the debug log level prior to doing so. This fixes the >>> quick-log-fill issue on my side. >>> Thanks >>> JC >> >> -- >> This message is automatically generated by JIRA. >> For more information on JIRA, see: http://www.atlassian.com/software/jira >> >> >> >> >> ------------------------------------------------------------------------------ >> Virtualization & Cloud Management Using Capacity Planning >> Cloud computing makes use of virtualization - but cloud computing >> also focuses on allowing computing to be delivered as a service. >> http://www.accelacomm.com/jaw/sfnl/114/51521223/ >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Netstar S.r.l. <in...@ne...> - 2012-03-15 11:01:15
|
Same problem with: ModSecurity: collections_remove_staleCan you verify?----- Original Message ----- From: "Breno Silva Pinto (JIRA)" <no...@mo...> To: <mod...@li...> Sent: Wednesday, March 14, 2012 6:50 AM Subject: [Mod-security-developers] [JIRA] Resolved: (MODSEC-293) Debug logging marked as level 1 causing log files to fill quickly > > [ > https://www.modsecurity.org/tracker/browse/MODSEC-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] > > Breno Silva Pinto resolved MODSEC-293. > -------------------------------------- > > Resolution: Fixed > >> Debug logging marked as level 1 causing log files to fill quickly >> ----------------------------------------------------------------- >> >> Key: MODSEC-293 >> URL: >> https://www.modsecurity.org/tracker/browse/MODSEC-293 >> Project: ModSecurity >> Issue Type: Bug >> Security Level: Normal >> Components: Core >> Affects Versions: 2.6.4 >> Environment: EL6 x64, tarball downloaded from >> http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.6.4/modsecurity-apache_2.6.4.tar.gz/download >> Reporter: Joel Caplin >> Assignee: Breno Silva Pinto >> Priority: High >> Fix For: 2.6.5 >> >> Attachments: persist_dbm-log.patch >> >> >> Line 113, apache2/persist_dbm.c logs an informational string as log level >> 1. This is causing my error log and audit log to fill up very quickly >> even when there are no "bad things" happening. >> Attached is a proposed patch which turns the message into sev 9 and >> checks the debug log level prior to doing so. This fixes the >> quick-log-fill issue on my side. >> Thanks >> JC > > -- > This message is automatically generated by JIRA. > For more information on JIRA, see: http://www.atlassian.com/software/jira > > > > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-03-14 11:05:21
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-293.
--------------------------------------
Resolution: Fixed
> Debug logging marked as level 1 causing log files to fill quickly
> -----------------------------------------------------------------
>
> Key: MODSEC-293
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-293
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.6.4
> Environment: EL6 x64, tarball downloaded from http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.6.4/modsecurity-apache_2.6.4.tar.gz/download
> Reporter: Joel Caplin
> Assignee: Breno Silva Pinto
> Priority: High
> Fix For: 2.6.5
>
> Attachments: persist_dbm-log.patch
>
>
> Line 113, apache2/persist_dbm.c logs an informational string as log level 1. This is causing my error log and audit log to fill up very quickly even when there are no "bad things" happening.
> Attached is a proposed patch which turns the message into sev 9 and checks the debug log level prior to doing so. This fixes the quick-log-fill issue on my side.
> Thanks
> JC
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Breno S. <bre...@gm...> - 2012-03-14 00:46:21
|
If you prefer,
at line 113 (persist_dbm.c)
replace the msr_log() to:
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_retrieve_ex: Retrieving collection
(name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
log_escape(msr->mp, dbm_filename));
}
recompile the code.
Thanks
breno
On Tue, Mar 13, 2012 at 7:05 PM, Breno Silva <bre...@gm...> wrote:
> Can u set debuglevel to 0?
>
> On 3/13/12, Netstar S.r.l. <in...@ne...> wrote:
> > Waiting for next update, there is a way to remedy this situation?
> >
> > Unlike the logs are flooded with these messages and you lose the ability
> to
> > analyze the true errors.
> >
> > Tnx
> >
> >
> >
> > ----- Original Message -----
> > From: Breno Silva
> > To: mod...@li...
> > Sent: Tuesday, March 13, 2012 8:44 PM
> > Subject: Re: [Mod-security-developers] Retrieving collection error
> >
> >
> > This not an error. I will make the debug level (current level 1) for this
> > msg higher in next version.
> >
> > Thanks
> >
> > Breno
> >
> >
> > On Tue, Mar 13, 2012 at 8:37 AM, Netstar S.r.l. <in...@ne...> wrote:
> >
> > I installed and configured mod_security (v. 2.6.4 with Core Rules 2.2.3)
> on
> > a ubuntu platform. Qhen I Activate the configuration, log files are
> > saturated with messages like these:
> >
> > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving
> > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri
> > "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"]
> > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving
> > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx/"]
> > [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"]
> > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving
> > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri
> > "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"]
> > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving
> > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx"]
> > [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"]
> >
> > The configuration file is set with these values:
> >
> > SecTmpDir / xxx
> > SecDataDir / xxx
> >
> > where xxx is an operating system folder with permissions set to write for
> > apache.
> >
> > I checked several times but I can not find the problem.
> >
> > Someone could help me find a solution?
> >
> > Thank you.
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> > http://p.sf.net/sfu/learndevnow-d2d
> > _______________________________________________
> > mod-security-developers mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> > ModSecurity Services from Trustwave's SpiderLabs:
> > https://www.trustwave.com/spiderLabs.php
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> > http://p.sf.net/sfu/learndevnow-d2d
> >
> >
> >
> > _______________________________________________
> > mod-security-developers mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> > ModSecurity Services from Trustwave's SpiderLabs:
> > https://www.trustwave.com/spiderLabs.php
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> > http://p.sf.net/sfu/learndevnow-d2d
> > _______________________________________________
> > mod-security-developers mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> > ModSecurity Services from Trustwave's SpiderLabs:
> > https://www.trustwave.com/spiderLabs.php
>
|
|
From: Breno S. <bre...@gm...> - 2012-03-14 00:05:44
|
Can u set debuglevel to 0? On 3/13/12, Netstar S.r.l. <in...@ne...> wrote: > Waiting for next update, there is a way to remedy this situation? > > Unlike the logs are flooded with these messages and you lose the ability to > analyze the true errors. > > Tnx > > > > ----- Original Message ----- > From: Breno Silva > To: mod...@li... > Sent: Tuesday, March 13, 2012 8:44 PM > Subject: Re: [Mod-security-developers] Retrieving collection error > > > This not an error. I will make the debug level (current level 1) for this > msg higher in next version. > > Thanks > > Breno > > > On Tue, Mar 13, 2012 at 8:37 AM, Netstar S.r.l. <in...@ne...> wrote: > > I installed and configured mod_security (v. 2.6.4 with Core Rules 2.2.3) on > a ubuntu platform. Qhen I Activate the configuration, log files are > saturated with messages like these: > > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri > "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx/"] > [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri > "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx"] > [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] > > The configuration file is set with these values: > > SecTmpDir / xxx > SecDataDir / xxx > > where xxx is an operating system folder with permissions set to write for > apache. > > I checked several times but I can not find the problem. > > Someone could help me find a solution? > > Thank you. > > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Netstar S.r.l. <in...@ne...> - 2012-03-13 22:07:32
|
Waiting for next update, there is a way to remedy this situation? Unlike the logs are flooded with these messages and you lose the ability to analyze the true errors. Tnx ----- Original Message ----- From: Breno Silva To: mod...@li... Sent: Tuesday, March 13, 2012 8:44 PM Subject: Re: [Mod-security-developers] Retrieving collection error This not an error. I will make the debug level (current level 1) for this msg higher in next version. Thanks Breno On Tue, Mar 13, 2012 at 8:37 AM, Netstar S.r.l. <in...@ne...> wrote: I installed and configured mod_security (v. 2.6.4 with Core Rules 2.2.3) on a ubuntu platform. Qhen I Activate the configuration, log files are saturated with messages like these: [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] The configuration file is set with these values: SecTmpDir / xxx SecDataDir / xxx where xxx is an operating system folder with permissions set to write for apache. I checked several times but I can not find the problem. Someone could help me find a solution? Thank you. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php |
|
From: Breno S. <bre...@gm...> - 2012-03-13 19:44:58
|
This not an error. I will make the debug level (current level 1) for this msg higher in next version. Thanks Breno On Tue, Mar 13, 2012 at 8:37 AM, Netstar S.r.l. <in...@ne...> wrote: > I installed and configured mod_security (v. 2.6.4 with Core Rules 2.2.3) on > a ubuntu platform. Qhen I Activate the configuration, log files are > saturated with messages like these: > > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri > "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx/"] > [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri > "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] > [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving > collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx"] > [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] > > The configuration file is set with these values: > > SecTmpDir / xxx > SecDataDir / xxx > > where xxx is an operating system folder with permissions set to write for > apache. > > I checked several times but I can not find the problem. > > Someone could help me find a solution? > > Thank you. > > > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Netstar S.r.l. <in...@ne...> - 2012-03-13 19:38:00
|
I installed and configured mod_security (v. 2.6.4 with Core Rules 2.2.3) on a ubuntu platform. Qhen I Activate the configuration, log files are saturated with messages like these: [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx/"] [unique_id "T19DmX8AAQEAAA6qUHYAAAAC"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "global", filename "/xxx/global") [hostname "xxx"] [uri "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] [error] [client xxx] ModSecurity: collection_retrieve_ex: Retrieving collection (name "ip", filename "/xxx/ip") [hostname "xxx"] [uri "/xxx"] [unique_id "T19Gpn8AAQEAAA-ZHmUAAAAH"] The configuration file is set with these values: SecTmpDir / xxx SecDataDir / xxx where xxx is an operating system folder with permissions set to write for apache. I checked several times but I can not find the problem. Someone could help me find a solution? Thank you. |
|
From: Breno S. <bre...@gm...> - 2012-03-09 18:55:51
|
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.4 Release. The stability of this release must be good and it includes some bug fixes. Mlogc old 100% cpu consume bug appears to be fixed now. A new bug related to ctl:updateTargetByID was fixed, making apache memory grow. The last release has a bug when reloading data from session and user collections, users running rules that use those collection must upgrade to this version. Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod...@li.... Thanks Breno Silva |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-03-09 12:52:09
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-106.
--------------------------------------
Resolution: Cannot Reproduce
> Memory usage grows high after some time (memory leak?)
> ------------------------------------------------------
>
> Key: MODSEC-106
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-106
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.5.9
> Environment: Apache/2.2.3
> CentOS release 5.3 (Final)
> 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> Reporter: Dawid Golunski
> Assignee: Breno Silva Pinto
> Priority: High
>
> I noticed that after 2 days of running modsecurity console (v2.5.9) on a pipe with apache memory used by the mlogc proccess
> grows very high. Here is a proccess entry from ps aux:
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 25022 0.0 0.5 327072 46260 ? Sl Dec06 1:16 /usr/bin/mlogc /etc/mlogc.conf
> When I restart apache the memory usage is:
> root 31586 0.0 0.0 69960 2308 ? Sl 17:57 0:00 /usr/bin/mlogc /etc/mlogc.conf
> My guess is that there is a memory leak somewhere in the code.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
10 messages has been excluded from this view by a project administrator.
