mod-security-developers Mailing List for ModSecurity (Page 36)
From: momo-i <web...@mo...> - 2011-06-05 00:52:38

Dear Breno,

Ohhhh, That's OK by apr/1.4.4, apu/1.3.11!!!
Very very thanks so much!!!!!

I couldn't find such a simple thing, I'm embarrassed:(

Best Regards,
momo-i.

(2011/06/05 9:29), Breno Silva wrote:
> OK... please don't forget to re-compile your apache with the new apr/apu
> library.
>
> thanks
>
> Breno

From: Breno S. <bre...@gm...> - 2011-06-05 00:29:23

OK... please don't forget to re-compile your apache with the new apr/apu library.

thanks

Breno

On Sat, Jun 4, 2011 at 7:28 PM, momo-i <web...@mo...> wrote:

> Dear Breno,
>
> Okay, I'll try previous version of APR/APU, so please wait for moment.

From: momo-i <web...@mo...> - 2011-06-05 00:28:03

Dear Breno,

Okay, I'll try previous version of APR/APU, so please wait for moment.

(2011/06/05 9:23), Breno Silva wrote:
> Hi momo-i,
>
> I saw you are using the latest APR/APU library version, release in the
> end of May. What APR/APU version you used with 2.5.13 ?
> If you can try modsec 2.6.0 with a previous version of APR/APU will be
> great... maybe APR_BUCKET_IS_EOS has a bug in the latest APR code.
>
> Thanks
>
> Breno

From: Breno S. <bre...@gm...> - 2011-06-05 00:23:48

Hi momo-i,

I saw you are using the latest APR/APU library version, release in the end of May. What APR/APU version you used with 2.5.13 ?
If you can try modsec 2.6.0 with a previous version of APR/APU will be great... maybe APR_BUCKET_IS_EOS has a bug in the latest APR code.

Thanks

Breno

On Sat, Jun 4, 2011 at 6:57 PM, momo-i <web...@mo...> wrote:

> Dear Breno,
>
> hmm, don't appear anything into error.log, when EOS Bucket message appears
> in debug.log.
>
> Regards,
> momo-i.
>
>
> (2011/06/04 22:31), Breno Silva wrote:
>
>> Hi momo-i,
>>
>> Please let me know if you saw any kind of msg into error.log when the
>> EOS Bucket msgs appears into debug.log
>>
>> thanks
>>
>> Breno
>>
>> On Fri, Jun 3, 2011 at 10:19 PM, momo-i <web...@mo...> wrote:
>>
>>     Dear Breno,
>>     good morning all,
>>
>>     I compiled with same APR version both.
>>     (oops, i forgot to send my os environment...)
>>
>>     ---
>>     # uname -a
>>     Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
>>     # cat /etc/redhat-release
>>     Fedora release 15 (Lovelock)
>>     ---
>>     Do I have to provide other informations?
>>
>>     apache
>>     ---
>>     ./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config
>>     ---
>>     httpd version is to see prev mail.
>>
>>     modsecurity
>>
>>     ---
>>     LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
>>     ---
>>     it finds
>>     ---
>>     checking for libapr config script... /usr/bin/apr-1-config
>>     configure: using apr v1.4.5
>>     checking for libapu config script... /usr/bin/apu-1-config
>>     configure: using apu v1.3.12
>>     ---
>>     all results
>>     http://ja.pastebin.ca/2074419
>>
>>     And here is httpd error.log and main config file.
>>
>>     error.log(level debug)
>>     http://ja.pastebin.ca/2074417
>>
>>     config(exclude comment lines)
>>     http://ja.pastebin.ca/2074418
>>     vhosts setting
>>     http://ja.pastebin.ca/2074421
>>
>>     bad to use virtual hosts?
>>
>>
>>     Thank you for your kind cooperation.
>>     Regards,
>>     momo-i.
>>
>>     (2011/06/04 5:59), Breno Silva wrote:
>>
>>         Also .. please make sure you are compiling and using the same APR
>>         version in your apache and modsecurity. Your bucket is an EOS but
>>         APR_BUCKET_IS_EOF appears to be not recognizing it. So my first idea is
>>         something wrong with APR... maybe different compiled and linked versions
>>         used in apache and modsecurity.
>>
>>         Check it please .. and send your log and conf.
>>
>>         thanks
>>
>>         Breno
>>
>>         On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva <bre...@gm...> wrote:
>>
>>             Hi,
>>
>>             Could you send your error.log and your main conf file ?
>>
>>             thanks
>>
>>             Breno
>>
>>
>>             On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo...> wrote:
>>
>>                 Hi all,
>>
>>                 # first, my native language is Japanese.
>>                 # I'm not so good at English, may be difficult to read, please
>>                 forgive me.
>>
>>                 I have searched for on Google, I could not find a similar case,
>>                 so send to mailing list for the first time.
>>                 Please forgive become long ones.
>>
>>                 (1) I have compiled 2.6.0 yesterday, If configured
>>                 SecResponseBodyAccess to On, IE displays the error.
>>                 (2) And generating post traffic on Drupal(7.2),
>>                 httpd is an abnormally high CPU.
>>                 I tried httpd 2.2.17-19, and the results were all the same.
>>                 I also tried 2.5.13 with the same settings, no problem.
>>
>>                 (1)
>>                 Set to debug level 9 and using telnet command.
>>                 Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
>>                 ---
>>                 # telnet localhost 80
>>                 Trying 127.0.0.1...
>>                 Connected to localhost.
>>                 Escape character is '^]'.
>>                 GET / HTTP/1.0
>>                 Host: localhost
>>
>>                 Connection closed by foreign host.
>>                 ---
>>
>>                 debug.log
>>                 http://ja.pastebin.ca/2074112
>>
>>                 I think that the reason for this result is always returned null.
>>                 "APR_BUCKET_IS_EOS(bucket)"
>>
>>                 And, for testing, comment out the following line, this issue is
>>                 resolved.
>>                 http://ja.pastebin.ca/2074116
>>
>>                 However, I am so familiar with Apache modules, whether or not I
>>                 would not know this is a permanent solution.
>>
>>                 apache2/apache2_io.c line: 862
>>                 ---
>>                 if (msr->of_done_reading == 0) {
>>                     /* We are done for now. We will be called again with more data. */
>>                     return APR_SUCCESS;
>>                 }
>>                 ---
>>
>>                 (2)
>>                 Also, using drupal(7.2) POST, loops following line...
>>                 (25 million lines per second)
>>                 [03/Jun/2011:22:47:18 +0900] [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket type EOS contains 0 bytes.
>>                 http://ja.pastebin.ca/2074118
>>
>>                 ---
>>                 POST / HTTP/1.1
>>                 Accept: text/html, application/xhtml+xml, */*
>>                 Referer: http://localhost/
>>                 Accept-Language: ja-JP
>>                 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
>>                 Content-Type: application/x-www-form-urlencoded
>>                 Accept-Encoding: gzip, deflate
>>                 Host: localhost
>>                 Content-Length: 133
>>                 Connection: Keep-Alive
>>                 Cache-Control: no-cache
>>                 ---
>>
>>                 here is httpd version.
>>                 ---
>>                 # /opt/apache2/bin/httpd -V
>>                 Server version: Apache/2.2.19 (Unix)
>>                 Server built: Jun 3 2011 10:01:37
>>                 Server's Module Magic Number: 20051115:28
>>                 Server loaded: APR 1.4.5, APR-Util 1.3.12
>>                 Compiled using: APR 1.4.5, APR-Util 1.3.12
>>                 Architecture: 64-bit
>>                 Server MPM: Worker
>>                 threaded: yes (fixed thread count)
>>                 forked: yes (variable process count)
>>                 Server compiled with....
>>                  -D APACHE_MPM_DIR="server/mpm/worker"
>>                  -D APR_HAS_SENDFILE
>>                  -D APR_HAS_MMAP
>>                  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>                  -D APR_USE_SYSVSEM_SERIALIZE
>>                  -D APR_USE_PTHREAD_SERIALIZE
>>                  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>                  -D APR_HAS_OTHER_CHILD
>>                  -D AP_HAVE_RELIABLE_PIPED_LOGS
>>                  -D DYNAMIC_MODULE_LIMIT=128
>>                  -D HTTPD_ROOT="/opt/apache2"
>>                  -D SUEXEC_BIN="/opt/apache2/bin/suexec"
>>                  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>                  -D DEFAULT_ERRORLOG="logs/error_log"
>>                  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>                  -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>                 ---
>>
>>                 2.6.0 compile option
>>                 ------------------------
>>                 LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
>>                 ------------------------
>>
>>                 Thank you for your kind cooperation.
>>                 Regards,
>>                 momo-i.
>>
>>                 ------------------------------------------------------------------------------
>>                 Simplify data backup and recovery for your virtual environment
>>                 with vRanger.
>>                 Installation's a snap, and flexible recovery options mean your
>>                 data is safe,
>>                 secure and there when you need it. Discover what all the
>>                 cheering's about.
>>                 Get your free trial download today.
>>                 http://p.sf.net/sfu/quest-dev2dev2
>>                 _______________________________________________
>>                 mod-security-developers mailing list
>>                 mod...@li...
>>                 https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>                 ModSecurity Services from Trustwave's SpiderLabs:
>>                 https://www.trustwave.com/spiderLabs.php

From: momo-i <web...@mo...> - 2011-06-04 23:57:22

Dear Breno,

hmm, don't appear anything into error.log, when EOS Bucket message
appears in debug.log.

Regards,
momo-i.

(2011/06/04 22:31), Breno Silva wrote:
> Hi momo-i,
>
> Please let me know if you saw any kind of msg into error.log when the
> EOS Bucket msgs appears into debug.log
>
> thanks
>
> Breno
From: Breno S. <bre...@gm...> - 2011-06-04 13:31:28

Hi momo-i,

Please let me know if you saw any kind of msg into error.log when the EOS Bucket msgs appears into debug.log

thanks

Breno

On Fri, Jun 3, 2011 at 10:19 PM, momo-i <web...@mo...> wrote:

> Dear Breno,
> good morning all,
>
> I compiled with same APR version both.
> (oops, I forgot to send my os environment...)
>
> ---
> # uname -a
> Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
> # cat /etc/redhat-release
> Fedora release 15 (Lovelock)
> ---
> Do I have to provide other information?
>
> apache
> ---
> ./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config
> ---
> httpd version is to see prev mail.
>
> modsecurity
>
> ---
> LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
> ---
> it finds
> ---
> checking for libapr config script... /usr/bin/apr-1-config
> configure: using apr v1.4.5
> checking for libapu config script... /usr/bin/apu-1-config
> configure: using apu v1.3.12
> ---
> all results
> http://ja.pastebin.ca/2074419
>
> And here is httpd error.log and main config file.
>
> error.log(level debug)
> http://ja.pastebin.ca/2074417
>
> config(exclude comment lines)
> http://ja.pastebin.ca/2074418
> vhosts setting
> http://ja.pastebin.ca/2074421
>
> bad to use virtual hosts?
>
>
> Thank you for your kind cooperation.
> Regards,
> momo-i.
From: momo-i <web...@mo...> - 2011-06-04 03:19:10

Dear Breno,
good morning all,

I compiled with same APR version both.
(oops, I forgot to send my os environment...)

---
# uname -a
Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
Fedora release 15 (Lovelock)
---
Do I have to provide other information?

apache
---
./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config
---
httpd version is to see prev mail.

modsecurity

---
LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
---
it finds
---
checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12
---
all results
http://ja.pastebin.ca/2074419

And here is httpd error.log and main config file.

error.log(level debug)
http://ja.pastebin.ca/2074417

config(exclude comment lines)
http://ja.pastebin.ca/2074418
vhosts setting
http://ja.pastebin.ca/2074421

bad to use virtual hosts?


Thank you for your kind cooperation.
Regards,
momo-i.

(2011/06/04 5:59), Breno Silva wrote:
> Also .. please make sure you are compiling and using the same APR
> version in your apache and modsecurity. Your bucket is an EOS but
> APR_BUCKET_IS_EOF appears to be not recognizing it. So my first idea is
> something wrong with APR... maybe different compiled and linked versions
> used in apache and modsecurity.
>
> Check it please .. and send your log and conf.
>
> thanks
>
> Breno
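Added example, not part of the original thread: one way to run the APR consistency check requested above, comparing the APR version httpd was compiled against, the version it loads at run time, and the version ModSecurity's `./configure` detected. The function names are hypothetical, and the sample inputs are constructed from the `httpd -V` and `./configure` output quoted in the thread.

```shell
#!/bin/sh
# Added example (not ModSecurity project code): compare the three APR versions
# that matter when a module misbehaves on bucket handling.

# Constructed sample input, taken from the outputs quoted in this thread.
HTTPD_V_SAMPLE='Server version: Apache/2.2.19 (Unix)
Server loaded:  APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12'

CONFIGURE_SAMPLE='checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12'

# httpd_apr_version LABEL TEXT
# Prints the APR version found on the "LABEL:" line of `httpd -V` output.
httpd_apr_version() {
    printf '%s\n' "$2" |
        sed -n "s/^$1:[[:space:]]*APR \([0-9][0-9.]*\).*/\1/p" |
        head -n 1
}

# configure_apr_version TEXT
# Prints the version from the "configure: using apr vX.Y.Z" line.
configure_apr_version() {
    printf '%s\n' "$1" |
        sed -n 's/^configure: using apr v\([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# check_apr_match HTTPD_V_TEXT CONFIGURE_TEXT
# Prints a one-line verdict. Returns 0 when all three versions agree,
# 1 on a mismatch, 2 when a version could not be parsed from the input.
check_apr_match() {
    loaded=$(httpd_apr_version 'Server loaded' "$1")
    compiled=$(httpd_apr_version 'Compiled using' "$1")
    modsec=$(configure_apr_version "$2")

    if [ -z "$loaded" ] || [ -z "$compiled" ] || [ -z "$modsec" ]; then
        echo "UNKNOWN loaded=${loaded:-?} compiled=${compiled:-?} modsecurity=${modsec:-?}"
        return 2
    fi
    if [ "$loaded" = "$compiled" ] && [ "$loaded" = "$modsec" ]; then
        echo "OK apr=$loaded"
        return 0
    fi
    echo "MISMATCH loaded=$loaded compiled=$compiled modsecurity=$modsec"
    return 1
}

# Run against the constructed samples.
check_apr_match "$HTTPD_V_SAMPLE" "$CONFIGURE_SAMPLE"
```

On a live host, pass `"$(/opt/apache2/bin/httpd -V)"` and the saved output of ModSecurity's `./configure` in place of the samples.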
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:45:21

[ https://www.modsecurity.org/tracker/browse/MODSEC-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-76.
-------------------------------------

Resolution: Fixed

> custom errorpage called behind denied 400
> -----------------------------------------
>
> Key: MODSEC-76
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-76
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Actions
> Affects Versions: 2.5.9
> Environment: Fedora 10 x86_64
> Reporter: Reindl Harald
> Assignee: Breno Silva Pinto
>
> I am using custom-error-pages /error.php
> If somebody calls a url with ip mod_security blocks the access BUT my error.php sends me mails
> to find broken links and I get the mails even in this case:
> Browser says: 400 Bad Request (Default Output without custom errors for 400)
> But I get an email from my error.php
> I think an attack caught by mod_security should stop the whole request

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:41:20

[ https://www.modsecurity.org/tracker/browse/MODSEC-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-100.
--------------------------------------

Resolution: Won't Fix

> Can me some one help me with modsec_debug.log why I can see ip address of atacker ???
> --------------------------------------------------------------------------------------
>
> Key: MODSEC-100
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-100
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Logging
> Affects Versions: 2.5.9
> Environment: Debian Linux 4 Host system and Xen guest system is also Debian 4. Apache 2.2.3
> Reporter: Stanislav
> Assignee: Breno Silva Pinto
>
> Problem is so when I look to modsec_debug.log, I don't see the IP address of attacker. I see so string:
> [16/Nov/2009:17:54:49 +0500] *strong* [www.mysite.ru/sid#8347230]*strong*[rid#8657358][/upload/bx/18f/158x180++K_3.swf][1] Access denied with code 403 (phase 2). Pattern matc
> h "(?:[\\(\)\%#]|--)" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/mod_security/modsecurity_crs_40_generic_attacks.conf"] [line "93"] [id "959905"] [msg
> "SQL Injection Attack"] [data "length"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]
> May be is configuration setting which can write to modsec_debug.log IP address of attacker but not my... Can me some one help me ???
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:41:19

[ https://www.modsecurity.org/tracker/browse/MODSEC-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-172.
--------------------------------------

Resolution: Invalid Build

> Build - Integration Instructions broken. mod_security.c no longer exists.
> ----------------------------------------------------------------------------
>
> Key: MODSEC-172
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-172
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Documentation
> Environment: Centos 5.5 x64 Java 6.
> Reporter: BJ Chippindale
> Assignee: Breno Silva Pinto
>
> Instructions to build mod_security into Apache as a static module include copying mod_security.c into modules/proxy, running configure and the make.
> 1. mod_security.c does not exist.
> 2. Neither of modsecurity.c or mod_security2.c can be built in this fashion.
> Instructions to build as dso are similarly flawed.
> make install works, and as my Apache httpd is built as a threaded system, it installs the mod_security2.so into lib64/httpd/modules which is all good, but means that I have to roll-my-own instructions to create an apache rpm that contains this module, and cannot install it static at all.
> The pre-built rpm for mod_security requires liblua which is NOT installed on the target systems for the rpms.
> Since this is aimed at cautious sys-admin types, bad instructions are really extravagantly bad news.
> Thanks
> BJ Chippindale
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:20:38

[ https://www.modsecurity.org/tracker/browse/MODSEC-177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-177.
--------------------------------------

Fix Version/s: 2.6.1
(was: 2.7.0)
Resolution: Duplicate

> SecRuleUpdateActionById does not work with chained rules
> --------------------------------------------------------
>
> Key: MODSEC-177
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-177
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Configuration
> Affects Versions: 2.5.12
> Environment: CentOS release 5.5 (Final)
> mod_security-2.5.12-1.el5 (EPEL)
> Reporter: George Notaras
> Assignee: Breno Silva Pinto
> Fix For: 2.6.1
>
>
> It seems that if *SecRuleUpdateActionById* is used to update the actions of a chained rule, the modified rule stops being chained with its subsequent rules, unless the *chain* action is used in the SecRuleUpdateActionById statement.
> Example:
> {code}
> SecMarker BEGIN_ACCEPT_CHECK
> SecRule REQUEST_METHOD "!^OPTIONS$" \
> "chain,phase:2,rev:'2.0.8',t:none,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10'"
> SecRule &REQUEST_HEADERS:Accept "@eq 0" "skipAfter:END_ACCEPT_CHECK,t:none"
> SecRule REQUEST_METHOD "!^OPTIONS$" \
> "chain,phase:2,rev:'2.0.8',t:none,msg:'Request Has an Empty Accept Header', severity:'2',id:'960021',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
> SecRule REQUEST_HEADERS:Accept "^$" "t:none"
> SecMarker END_ACCEPT_CHECK
> SecRuleUpdateActionById 960015 "chain,pass,msg:'[PASS] Request Missing an Accept Header'"
> {code}
> As shown in the example, the _chain_ action has to be set again in the SecRuleUpdateActionById directive in order to keep the 960015 rule chained with the rest of the rules.
> I am not sure if this is a bug, but this limitation regarding chained rules is not documented.
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:16:40

[ https://www.modsecurity.org/tracker/browse/MODSEC-93?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-93.
-------------------------------------

Resolution: Incomplete

> when I try to access my website with 'WWW' it give me 400 error
> ---------------------------------------------------------------
>
> Key: MODSEC-93
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-93
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Configuration
> Affects Versions: 2.5.9
> Environment: Centos 5.3 with apache 2.2
> Reporter: Riyaad
> Assignee: Breno Silva Pinto
>
> Well I have a simple problem. I am using firefox 3.5.3 and when I put 'www' to my domain I get :
> Bad Request
> Your browser sent a request that this server could not understand.
> without www I don't get any issue. It works on Internet Explorer and Google chrome.
> Thanks
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:16:38

[ https://www.modsecurity.org/tracker/browse/MODSEC-129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-129.
--------------------------------------

Fix Version/s: 2.6.1
Resolution: Duplicate

> SecUploadFileMode is not setting mode
> -------------------------------------
>
> Key: MODSEC-129
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-129
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Configuration, Core
> Affects Versions: 2.5.11
> Environment: Redhat 4.6 - 64 bit, kernel 2.6.9-67.0.15.ELsmp, httpd 2.2.14
> Reporter: Al Faller
> Assignee: Breno Silva Pinto
> Fix For: 2.6.1
>
>
> I am using SecUploadFileMode to allow for clamav to scan the uploads (0660). On mod_sec 2.5.7 with httpd 2.2.11, this works as expected. Upgrading httpd and modsec to the latest, the temp uploads are now being set as 0600. Setting my shell's umask to 0000 doesn't help.
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-04 00:11:40

[ https://www.modsecurity.org/tracker/browse/MODSEC-208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-208.
--------------------------------------

Resolution: Invalid Build

> Apache can not graceful restart if using chroot in mod_security
> ---------------------------------------------------------------
>
> Key: MODSEC-208
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-208
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.5.12
> Environment: redhat 5.5
> Reporter: Le Huy
> Assignee: Breno Silva Pinto
> Fix For: 2.6.1
>
>
> After configuring chroot in mod_security, apache can not restart in graceful mode because when receiving signal the Apache process is already in chroot jail so can not access libraries and files outside it to stop and restart its childs.
From: Breno S. P. (JIRA) <no...@mo...> - 2011-06-03 21:01:38

[ https://www.modsecurity.org/tracker/browse/MODSEC-194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-194.
--------------------------------------

Resolution: Fixed

> homoglyphs translation to ASCII
> -------------------------------
>
> Key: MODSEC-194
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-194
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Components: Core
> Affects Versions: 2.5.13
> Environment: all
> Reporter: Marc Stern
> Assignee: Breno Silva Pinto
> Fix For: 2.6.1
>
>
> It would be useful to have a filter that converts all homoglyphs to their ASCII (or Latin?) equivalent.
> This would be useful to stop SQL smuggling.
From: Breno S. <bre...@gm...> - 2011-06-03 20:59:47
|
Also .. please make sure you are compiling and using the same APR version in
your apache and modsecurity.

Your bucket is an EOS but APR_BUCKET_IS_EOF appears to be not recognizing
it. So my first idea is something wrong with APR... maybe different compiled
and linked versions used in apache and modsecurity.

Check it please .. and send your log and conf.

thanks

Breno

On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva <bre...@gm...> wrote:

> Hi,
>
> Could you send your error.log and your main conf file ?
>
> thanks
>
> Breno
>
>
> On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo...> wrote:
>
>> Hi all,
>>
>> # first, my native language is japanese.
>> # I'm not so good at English, may be difficult to read, please forgive me.
>>
>> I have searched for on Google, I could not find a similar case, so send
>> to mailing list for the first time.
>> Please forgive become long ones.
>>
>> (1) I have compiled 2.6.0 yesterday, If configured SecResponseBodyAccess
>> to On, IE displays the error.
>> (2) And generating post traffic on Drupal(7.2),
>> httpd is an abnormally high CPU.
>> I tried httpd 2.2.17-19, and the results were all the same.
>> I also tried 2.5.13 with the same settings, no problem.
>>
>> (1)
>> Set to debug level 9 and using telnet command.
>> Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
>> ---
>> # telnet localhost 80
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> GET / HTTP/1.0
>> Host: localhost
>>
>> Connection closed by foreign host.
>> ---
>>
>> debug.log
>> http://ja.pastebin.ca/2074112
>>
>> I think that the reason for this result is always returned null.
>> "APR_BUCKET_IS_EOS(bucket)"
>>
>> And, for testing, comment out the following line, this issue is resolved.
>> http://ja.pastebin.ca/2074116
>>
>> However, I am so familiar with Apache modules, whether or not I would
>> not know this is a permanent solution.
>>
>> apache2/apache2_io.c line: 862
>> ---
>>         if (msr->of_done_reading == 0) {
>>             /* We are done for now. We will be called again with more
>> data. */
>>             return APR_SUCCESS;
>>         }
>> ---
>>
>> (2)
>> Also, using drupal(7.2) POST, loops following line...
>> (25 million lines per second)
>> [03/Jun/2011:22:47:18 +0900]
>> [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket
>> type EOS contains 0 bytes.
>> http://ja.pastebin.ca/2074118
>>
>> ---
>> POST / HTTP/1.1
>> Accept: text/html, application/xhtml+xml, */*
>> Referer: http://localhost/
>> Accept-Language: ja-JP
>> User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
>> Trident/5.0)
>> Content-Type: application/x-www-form-urlencoded
>> Accept-Encoding: gzip, deflate
>> Host: localhost
>> Content-Length: 133
>> Connection: Keep-Alive
>> Cache-Control: no-cache
>> ---
>>
>> here is httpd version.
>> ---
>> # /opt/apache2/bin/httpd -V
>> Server version: Apache/2.2.19 (Unix)
>> Server built: Jun 3 2011 10:01:37
>> Server's Module Magic Number: 20051115:28
>> Server loaded: APR 1.4.5, APR-Util 1.3.12
>> Compiled using: APR 1.4.5, APR-Util 1.3.12
>> Architecture: 64-bit
>> Server MPM: Worker
>> threaded: yes (fixed thread count)
>> forked: yes (variable process count)
>> Server compiled with....
>> -D APACHE_MPM_DIR="server/mpm/worker"
>> -D APR_HAS_SENDFILE
>> -D APR_HAS_MMAP
>> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>> -D APR_USE_SYSVSEM_SERIALIZE
>> -D APR_USE_PTHREAD_SERIALIZE
>> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>> -D APR_HAS_OTHER_CHILD
>> -D AP_HAVE_RELIABLE_PIPED_LOGS
>> -D DYNAMIC_MODULE_LIMIT=128
>> -D HTTPD_ROOT="/opt/apache2"
>> -D SUEXEC_BIN="/opt/apache2/bin/suexec"
>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> -D DEFAULT_ERRORLOG="logs/error_log"
>> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>> ---
>>
>> 2.6.0 compile option
>> ------------------------
>> LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec
>> --with-apxs=/opt/apache2/bin/apxs
>> ------------------------
>>
>> Thank you for your kind cooperation.
>> Regards,
>> momo-i.
>>
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with
>> vRanger.
>> Installation's a snap, and flexible recovery options mean your data is
>> safe,
>> secure and there when you need it. Discover what all the cheering's about.
>> Get your free trial download today.
>> http://p.sf.net/sfu/quest-dev2dev2
>> _______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php
>>
|
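Breno's request in the message above, to confirm that Apache and ModSecurity use the same APR, can be checked from `httpd -V` and `ldd` output. The script below is an added example, not code from the thread or from ModSecurity; the function names, the script name and the module path are assumptions, and the `ldd` sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that httpd and a module agree on APR.
# Usage on a live host (check_apr.sh and the module path are hypothetical names):
#   sh check_apr.sh /opt/apache2/bin/httpd /path/to/mod_security2.so

# Print "<loaded> <compiled>" APR versions from `httpd -V` text on stdin.
# Exits non-zero when either line is missing.
apr_versions() {
    awk '
        function apr_of(   i, v) {
            for (i = 1; i < NF; i++)
                if ($i == "APR") { v = $(i + 1); sub(/,$/, "", v); return v }
            return ""
        }
        /Server loaded:/  { loaded = apr_of() }
        /Compiled using:/ { compiled = apr_of() }
        END { if (loaded == "" || compiled == "") exit 1; print loaded, compiled }
    '
}

# Print the path that libapr-N resolves to in `ldd` output on stdin.
# Prints nothing when the object does not link libapr directly.
libapr_path() {
    awk '$1 ~ /^libapr-[0-9]+\.so/ {
        if ($2 == "=>" && $3 == "not") { print "not-found" }
        else if ($2 == "=>") { print $3 }
        else { print $1 }
        exit
    }'
}

# check_apr <httpd -V text> <ldd of httpd> <ldd of module>
# Prints a verdict. Returns 0 when consistent, 1 on a mismatch, 2 when undecidable.
check_apr() {
    httpd_v_text=$1
    httpd_ldd=$2
    module_ldd=$3

    versions=$(printf '%s\n' "$httpd_v_text" | apr_versions) || {
        echo "UNKNOWN: no APR version lines in httpd -V output"
        return 2
    }
    loaded=${versions% *}
    compiled=${versions#* }
    if [ "$loaded" != "$compiled" ]; then
        echo "MISMATCH: httpd loaded APR $loaded but was compiled using APR $compiled"
        return 1
    fi

    h=$(printf '%s\n' "$httpd_ldd" | libapr_path)
    m=$(printf '%s\n' "$module_ldd" | libapr_path)
    if [ -n "$m" ] && [ "$h" != "$m" ]; then
        echo "MISMATCH: httpd resolves libapr to ${h:-<none>}, module resolves it to $m"
        return 1
    fi
    echo "OK: APR $loaded${m:+, both objects resolve libapr to $m}"
}

# Constructed sample input. The httpd -V lines are the ones quoted in the report;
# the ldd lines are invented to show one consistent and one inconsistent case.
SAMPLE_HTTPD_V='Server version: Apache/2.2.19 (Unix)
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12'
SAMPLE_HTTPD_LDD='    libaprutil-1.so.0 => /opt/apache2/lib/libaprutil-1.so.0 (0x00007f0000200000)
    libapr-1.so.0 => /opt/apache2/lib/libapr-1.so.0 (0x00007f0000100000)'
SAMPLE_MODULE_LDD_BAD='    libapr-1.so.0 => /usr/lib64/libapr-1.so.0 (0x00007f0000300000)'

if [ "$#" -ge 2 ]; then
    # Live check: $1 is the httpd binary, $2 the module shared object.
    check_apr "$("$1" -V 2>&1)" "$(ldd "$1")" "$(ldd "$2")"
else
    # No arguments: run on the constructed samples.
    check_apr "$SAMPLE_HTTPD_V" "$SAMPLE_HTTPD_LDD" "$SAMPLE_HTTPD_LDD"
    check_apr "$SAMPLE_HTTPD_V" "$SAMPLE_HTTPD_LDD" "$SAMPLE_MODULE_LDD_BAD" || true
fi
```

A matching result only shows that both objects load the same APR library at run time; it cannot show which APR headers the module was built against.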
From: Breno S. <bre...@gm...> - 2011-06-03 20:54:17
|
Hi,

Could you send your error.log and your main conf file ?

thanks

Breno

On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo...> wrote:

> Hi all,
>
> # first, my native language is japanese.
> # I'm not so good at English, may be difficult to read, please forgive me.
>
> I have searched for on Google, I could not find a similar case, so send
> to mailing list for the first time.
> Please forgive become long ones.
>
> (1) I have compiled 2.6.0 yesterday, If configured SecResponseBodyAccess
> to On, IE displays the error.
> (2) And generating post traffic on Drupal(7.2),
> httpd is an abnormally high CPU.
> I tried httpd 2.2.17-19, and the results were all the same.
> I also tried 2.5.13 with the same settings, no problem.
>
> (1)
> Set to debug level 9 and using telnet command.
> Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
> ---
> # telnet localhost 80
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> GET / HTTP/1.0
> Host: localhost
>
> Connection closed by foreign host.
> ---
>
> debug.log
> http://ja.pastebin.ca/2074112
>
> I think that the reason for this result is always returned null.
> "APR_BUCKET_IS_EOS(bucket)"
>
> And, for testing, comment out the following line, this issue is resolved.
> http://ja.pastebin.ca/2074116
>
> However, I am so familiar with Apache modules, whether or not I would
> not know this is a permanent solution.
>
> apache2/apache2_io.c line: 862
> ---
>         if (msr->of_done_reading == 0) {
>             /* We are done for now. We will be called again with more
> data. */
>             return APR_SUCCESS;
>         }
> ---
>
> (2)
> Also, using drupal(7.2) POST, loops following line...
> (25 million lines per second)
> [03/Jun/2011:22:47:18 +0900]
> [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket
> type EOS contains 0 bytes.
> http://ja.pastebin.ca/2074118
>
> ---
> POST / HTTP/1.1
> Accept: text/html, application/xhtml+xml, */*
> Referer: http://localhost/
> Accept-Language: ja-JP
> User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
> Trident/5.0)
> Content-Type: application/x-www-form-urlencoded
> Accept-Encoding: gzip, deflate
> Host: localhost
> Content-Length: 133
> Connection: Keep-Alive
> Cache-Control: no-cache
> ---
>
> here is httpd version.
> ---
> # /opt/apache2/bin/httpd -V
> Server version: Apache/2.2.19 (Unix)
> Server built: Jun 3 2011 10:01:37
> Server's Module Magic Number: 20051115:28
> Server loaded: APR 1.4.5, APR-Util 1.3.12
> Compiled using: APR 1.4.5, APR-Util 1.3.12
> Architecture: 64-bit
> Server MPM: Worker
> threaded: yes (fixed thread count)
> forked: yes (variable process count)
> Server compiled with....
> -D APACHE_MPM_DIR="server/mpm/worker"
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_SYSVSEM_SERIALIZE
> -D APR_USE_PTHREAD_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D DYNAMIC_MODULE_LIMIT=128
> -D HTTPD_ROOT="/opt/apache2"
> -D SUEXEC_BIN="/opt/apache2/bin/suexec"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
> ---
>
> 2.6.0 compile option
> ------------------------
> LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec
> --with-apxs=/opt/apache2/bin/apxs
> ------------------------
>
> Thank you for your kind cooperation.
> Regards,
> momo-i.
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with
> vRanger.
> Installation's a snap, and flexible recovery options mean your data is
> safe,
> secure and there when you need it. Discover what all the cheering's about.
> Get your free trial download today.
> http://p.sf.net/sfu/quest-dev2dev2
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>
|
From: Ryan B. <RBa...@tr...> - 2011-06-03 15:56:08
|
Looks like I need to update the SPAM filtering settings on the ModSec Dev list...

-Ryan

On 6/3/11 11:52 AM, "Phil Williams" <p.w...@am...> wrote:

>
>
>I would like to know if you would have any interest in covering some
>events for us in your area?
>
>There would be NO COST at all for admission, and it would not be
>necessary for you to be an experienced reporter.
>
>We are looking for members of the public to cover events such as Music
>Concerts, Sporting Events, Restaurant Openings, Movies, Gallery
>Openings, Shows, and others. Again, there is no cost for admission to
>any of the events, and no obligation is required.
>
>We will be accepting only a few people from your area so let us know
>if you are interested in obtaining any further information.
>
>Phil Williams
>
>AMD Event Coverage Coordinator
>
>SITE-American Media Distribution(.com)
>
>or americanmediadist.com
>
>Fax9542064295
>
>-
>
>-This e-mail and any accompanying attachments are confidential. This
>information is intended solely for the use of the individual to whom
>it is addressed. Any review, disclosure, copying, distribution, or use
>of this e-mail communication by others is strictly prohibited. THERE
>WILL BE NO FOLLOWING EMAILS SENT - If you are not the intended
>recipient, please notify us immediately by returning this message to
>the sender and delete all copies. Thank you for your cooperation.
>
>-Mcafee Virus Checked - Virus Free-
>
>-- no more reporter/event updates reply w NO MORE in subject
>
>
>
>--
>
>
>
>--
>,--
>
>
>
>--------------------------------------------------------------------------
>----
>Simplify data backup and recovery for your virtual environment with
>vRanger.
>Installation's a snap, and flexible recovery options mean your data is
>safe,
>secure and there when you need it. Discover what all the cheering's about.
>Get your free trial download today.
>http://p.sf.net/sfu/quest-dev2dev2
>_______________________________________________
>mod-security-developers mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>ModSecurity Services from Trustwave's SpiderLabs:
>https://www.trustwave.com/spiderLabs.php
>

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
|
From: momo-i <web...@mo...> - 2011-06-03 14:30:37
|
Hi all,

# first, my native language is japanese.
# I'm not so good at English, may be difficult to read, please forgive me.

I have searched for on Google, I could not find a similar case, so send
to mailing list for the first time.
Please forgive become long ones.

(1) I have compiled 2.6.0 yesterday, If configured SecResponseBodyAccess
to On, IE displays the error.
(2) And generating post traffic on Drupal(7.2),
httpd is an abnormally high CPU.
I tried httpd 2.2.17-19, and the results were all the same.
I also tried 2.5.13 with the same settings, no problem.

(1)
Set to debug level 9 and using telnet command.
Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
---
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Host: localhost

Connection closed by foreign host.
---

debug.log
http://ja.pastebin.ca/2074112

I think that the reason for this result is always returned null.
"APR_BUCKET_IS_EOS(bucket)"

And, for testing, comment out the following line, this issue is resolved.
http://ja.pastebin.ca/2074116

However, I am so familiar with Apache modules, whether or not I would
not know this is a permanent solution.

apache2/apache2_io.c line: 862
---
        if (msr->of_done_reading == 0) {
            /* We are done for now. We will be called again with more data. */
            return APR_SUCCESS;
        }
---

(2)
Also, using drupal(7.2) POST, loops following line...
(25 million lines per second)
[03/Jun/2011:22:47:18 +0900] [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket type EOS contains 0 bytes.
http://ja.pastebin.ca/2074118

---
POST / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://localhost/
Accept-Language: ja-JP
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: localhost
Content-Length: 133
Connection: Keep-Alive
Cache-Control: no-cache
---

here is httpd version.
---
# /opt/apache2/bin/httpd -V
Server version: Apache/2.2.19 (Unix)
Server built: Jun 3 2011 10:01:37
Server's Module Magic Number: 20051115:28
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/opt/apache2"
 -D SUEXEC_BIN="/opt/apache2/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
---

2.6.0 compile option
------------------------
LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
------------------------

Thank you for your kind cooperation.
Regards,
momo-i.
|
From: Juan C. C. R. <jua...@so...> - 2011-06-03 13:27:46
|
Yes I have, although as the implementations are different I guess there is a bug or something on the original code of OWASP Java WAF.

I will leave that part to later on and make some more progress on the evaluation of the rules, keep you posted

Thanks,
Juan Carlos

________________________________________
From: Ryan Barnett [RBa...@tr...]
Sent: Thursday, June 02, 2011 07:28 a.m.
To: mod...@li...
Subject: Re: [Mod-security-developers] ModSecurity for Java

Hey Juan Carlos,

Thanks for the update! Have you looked at the "MsHttpServletResponse.java" code from the old ModSecurity for Java project?
http://www.modsecurity.org/download/msj-m3c.war

Maybe that would help.

-Ryan

From: Juan calderon <jua...@ow...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Thu, 2 Jun 2011 00:51:39 -0500
To: "mod...@li..." <mod...@li...>
Subject: [Mod-security-developers] ModSecurity for Java

Hello Guys

Just a little update, Rule parser for this project is already working and supporting the 4 directives (SecRuleEngine, SecRule, SecRequestBodyAccess, SecResponseBodyAccess) of Rule Language Porting Spec Level 1 :)

I am struggling to get the Response variables working, I always get an empty string for the response body buffer :(, can anyone give me some support on this one, I might not be using the ReponseWrapper correctly.

Regards,
Juan Carlos Calderon

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php
|
From: Ryan B. <RBa...@tr...> - 2011-06-02 12:28:23
|
Hey Juan Carlos,

Thanks for the update! Have you looked at the "MsHttpServletResponse.java" code from the old ModSecurity for Java project?
http://www.modsecurity.org/download/msj-m3c.war

Maybe that would help.

-Ryan

From: Juan calderon <jua...@ow...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Thu, 2 Jun 2011 00:51:39 -0500
To: "mod...@li..." <mod...@li...>
Subject: [Mod-security-developers] ModSecurity for Java

Hello Guys

Just a little update, Rule parser for this project is already working and supporting the 4 directives (SecRuleEngine, SecRule, SecRequestBodyAccess, SecResponseBodyAccess) of Rule Language Porting Spec Level 1 :)

I am struggling to get the Response variables working, I always get an empty string for the response body buffer :(, can anyone give me some support on this one, I might not be using the ReponseWrapper correctly.

Regards,
Juan Carlos Calderon

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
|
From: Juan c. <jua...@ow...> - 2011-06-02 06:21:11
|
Hello Guys

Just a little update, Rule parser for this project is already working and supporting the 4 directives (SecRuleEngine, SecRule, SecRequestBodyAccess, SecResponseBodyAccess) of Rule Language Porting Spec Level 1 :)

I am struggling to get the Response variables working, I always get an empty string for the response body buffer :(, can anyone give me some support on this one, I might not be using the ReponseWrapper correctly.

Regards,
Juan Carlos Calderon
|