From: hanj <mailing@as...> - 2007-05-28 20:28:35
Ok.. I figured it out.. but need to know how to address the problem. It looks like the problem is related to mod_security-2.1.1 and mod_limitipconn-0.22-r1. If I remove this module, then mod_security works with Apache correctly, if I leave it in, then we start to have problems. mod_security-1.8.4 works fine with mod_limitipconn-0.22-r1.

Any ideas how to enable mod_limitipconn with mod_sec-2.x? Anyone else run into similar problems with other modules and mod_sec?

Again... here are my modules and versions:

mod_security-2.1.1
mod_bw-0.7
mod_limitipconn-0.22-r1
apache-2.0.58-r2

Thanks!!!
hanji

From: Ofer Shezaf <OferS@Breach.com> - 2007-05-28 20:05:58
What rule set does the Mandriva package use?

~ Ofer

> From: Albert E. Whale [mailto:aewhale@...]
> Sent: Monday, May 28, 2007 5:57 PM
> To: Ofer Shezaf
> Cc: Christian Bockermann; mod-security-users@...
> Subject: Re: [mod-security-users] What is this? Can you please explain?
>
> Thank you. Since this is a Mandriva release of the Mod_Security package I can review the information and fix it for me, and also the Mandriva distribution ... this may help a few other newcomers as well.
>
> Thank you!
>
> Ofer Shezaf wrote:
>
> > Actually Albert might be right. Some versions of Apache use an internal keep alive pinger that issues a request without a host name.
> >
> > The Core Rule Set have a specific exclusion for that, but this rule is probably not part of the Core Rule Set (no rule ID) and blocks this request.
> >
> > In order to verify we will need the entire request as you can find in the audit log.
> >
> > So in order to permit it: either use the core rule set instead of the rules you use or refer to Ryan's recent blog entry on creating exceptions http://www.modsecurity.org/blog/archives/2007/02/handling_false.html
> >
> > ~ Ofer
> >
> > > -----Original Message-----
> > > From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Christian Bockermann
> > > Sent: Monday, May 28, 2007 11:20 AM
> > > To: aewhale@...
> > > Cc: mod-security-users@...
> > > Subject: Re: [mod-security-users] What is this? Can you please explain?
> > >
> > > Hi Albert!
> > >
> > > In this case it is not the fact that it's the localhost, but a matter of a missing/empty Accept-Header in the request. Do you use the core-rules or any custom-made ruleset?
> > >
> > > The core rules contain some checks that complain if an Accept-header is missing. This is a problem I observed with some RSS-clients for example. According to the RFC the Accept-header is optional.
> > >
> > > Regards,
> > > Chris
> > >
> > > On 28.05.2007 at 05:26, Albert E. Whale wrote:
> > >
> > > > To me this appears to indicate that the localhost is not permitted to test the root level of the web Server. Why?
> > > >
> > > > [Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]
> > > >
> > > > Where can I permit this?
> > > >
> > > > --
> > > > Albert E. Whale, CHS CISA CISSP
> > > > Sr. Security, Network, Risk Assessment and Systems Consultant
> > > > ABS Computer Technology, Inc. - Email, Internet and Security Consultants
> > > > SPAMZapper - No-JunkMail.com - True Spam Elimination.
> > > >
> > > > -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by DB2 Express
> > > > Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now.
> > > > http://sourceforge.net/powerbar/db2/
> > > > _______________________________________________
> > > > mod-security-users mailing list
> > > > mod-security-users@...
> > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
> --
> Albert E. Whale, CHS CISA CISSP
> Sr. Security, Network, Risk Assessment and Systems Consultant
> ________________________________
> ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants
> SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - True Spam Elimination.

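Before writing an exception for a denial like the one quoted in this thread, it helps to split the error-log line into its fields and separate loopback requests (the internal Apache request Ofer describes) from outside clients that simply omit the optional Accept header (Christian's RSS case). The following is an added example, not part of the original messages or of ModSecurity; it assumes the error-log layout of the line quoted above, the function names and triage labels are this example's own, and every sample line except the first is constructed.

```python
import ipaddress
import re

# Layout assumed from the single log line quoted in the thread.
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'mod_security: (?P<action>.+?)\. '
    r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)" at (?P<target>\S+)'
    r'(?P<meta>.*)$'
)
META_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
HEADER_RE = re.compile(r'^HEADER\("([^"]+)"\)$')

# First line is the one from the thread; the others are constructed samples.
SAMPLE_LOG = r'''[Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]
[Sun May 27 23:30:11 2007] [error] [client 203.0.113.7] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "www.example.test"] [uri "/feed.rss"] [unique_id "CONSTRUCTED-0001"]
[Sun May 27 23:31:40 2007] [error] [client 203.0.113.9] mod_security: Access denied with code 500. Pattern match "\.\./" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.example.test"] [uri "/a/../b"] [unique_id "CONSTRUCTED-0002"]
[Sun May 27 23:32:00 2007] [notice] Graceful restart requested, doing restart
'''


def parse_denial(line):
    """Return the fields of one mod_security denial line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    # Trailing [key "value"] pairs: severity, hostname, uri, unique_id.
    event.update(dict(META_RE.findall(event.pop("meta"))))
    return event


def classify(event):
    """Label a denial so that likely false positives are reviewed first."""
    is_header = HEADER_RE.match(event["target"]) is not None
    empty_header = is_header and event["pattern"] == "^$"
    try:
        loopback = ipaddress.ip_address(event["client"]).is_loopback
    except ValueError:
        loopback = False
    if empty_header and loopback:
        # Candidate only: the thread asks for the audit-log entry to confirm.
        return "internal-request-candidate"
    if empty_header:
        return "missing-header-client"
    return "review"


def triage(log_text):
    """Return (unique_id, client, target, label) for every denial in the log."""
    rows = []
    for line in log_text.splitlines():
        event = parse_denial(line)
        if event is None:
            continue
        rows.append((event.get("unique_id", "-"), event["client"],
                     event["target"], classify(event)))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep="  ")
```
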
From: Ofer Shezaf <OferS@Breach.com> - 2007-05-28 19:57:04
Sorry for taking you both several steps back, but I don't think the issue is related to loading the libxml2.so library but to the actual compilation of ModSecurity with XML support.

The error messages for missing libxml2.so (either if the file is missing or if the LoadFile directive is wrong) are different. In order for XML to not be recognized by the parser (which is the case here), I think that ModSecurity must be compiled without the WITH_LIBXML2 compile flag.

While as you said it is on by default in the make file, the compile and link lines you send do not imply that it was actually on. I think that msc_xml might be compiled and linked anyway.

So, bottom line, can you send (if you prefer privately to ryan and me) the entire make file and compile log?

~ Ofer

> -----Original Message-----
> From: Ryan Barnett
> Sent: Monday, May 28, 2007 7:52 PM
> To: Joakim Schramm; Ofer Shezaf
> Cc: mod-security-users@...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> One more item - remove the "!" before the IfModule name as this means if the module is not loaded.
>
> --
> Ryan C. Barnett
> ModSecurity Community Manager
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
> > -----Original Message-----
> > From: Joakim Schramm [mailto:joakim@...]
> > Sent: Monday, May 28, 2007 12:49 PM
> > To: Ryan Barnett; Ofer Shezaf
> > Cc: mod-security-users@...
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > > -----Original Message-----
> > > From: Ryan Barnett [mailto:Ryan.Barnett@...]
> > > Sent: 28 May 2007 18:33
> > > To: Joakim Schramm; Ofer Shezaf
> > > Cc: mod-security-users@...
> > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > > You to have the XML LoadFile directive specified BEFORE the ModSecurity LoadFile directive like this -
> > >
> > > <IfDefine SECURITY>
> > >   <IfModule !mod_security2.c>
> > >     LoadFile /usr/lib/libxml2.so
> > >     LoadModule security2_module modules/mod_security2.so
> > >   </IfModule>
> > >
> > >   # use Core Rule Set by default:
> > >   Include /etc/apache2/modules.d/mod_security/*.conf
> > > </IfDefine>
> > >
> > Unfortunately,
> >
> > It makes no difference. Right now I have no other option than remove all XML variables as apache2 refuses to start as it is.
> >
> > Joakim
> >
> > > --
> > > Ryan C. Barnett
> > > ModSecurity Community Manager
> > > Breach Security: Director of Application Security Training
> > > Web Application Security Consortium (WASC) Member
> > > CIS Apache Benchmark Project Lead
> > > SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> > > Author: Preventing Web Attacks with Apache
> > >
> > > > -----Original Message-----
> > > > From: Joakim Schramm [mailto:joakim@...]
> > > > Sent: Monday, May 28, 2007 12:28 PM
> > > > To: Ryan Barnett; Ofer Shezaf
> > > > Cc: mod-security-users@...
> > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > This from my httpd.conf for
> > > >
> > > > <IfDefine SECURITY>
> > > >   <IfModule !mod_security2.c>
> > > >     LoadModule security2_module modules/mod_security2.so
> > > >   </IfModule>
> > > >
> > > >   LoadFile /usr/lib/libxml2.so
> > > >
> > > >   # use Core Rule Set by default:
> > > >   Include /etc/apache2/modules.d/mod_security/*.conf
> > > > </IfDefine>
> > > >
> > > > merc ~ # locate libxml2.so
> > > > /usr/lib/libxml2.so.2.6.28
> > > > /usr/lib/libxml2.so.2
> > > > /usr/lib/libxml2.so
> > > >
> > > > merc ~ # /etc/init.d/apache2 restart
> > > >  * Apache2 has detected a syntax error in your configuration files:
> > > > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > > > Error creating rule: Unknown variable: XML
> > > >
> > > > I don't know if this is because apache2 currently is running w/ modsec 2.1.1 but w/o libxml2 line in conf, so it might check syntax for what it has at hands before restarting and don't because of this as apache2 never stops. I may have to stop it manually and start it again, not just restart BUT if it still fail all my web services is down :-( I guess I have no option but take a chance and rely on you guys if it still fails. Faith was the word :-)
> > > >
> > > > Unfortunately,
> > > >
> > > > After stopping still
> > > >
> > > > merc ~ # /etc/init.d/apache2 start
> > > >  * Apache2 has detected a syntax error in your configuration files:
> > > > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > > > Error creating rule: Unknown variable: XML
> > > >
> > > > Joakim
> > > >
> > > > > -----Original Message-----
> > > > > From: Ryan Barnett [mailto:Ryan.Barnett@...]
> > > > > Sent: 28 May 2007 17:54
> > > > > To: Joakim Schramm; Ofer Shezaf
> > > > > Cc: mod-security-users@...
> > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > >
> > > > > Did you add the following to your httpd.conf file before the ModSecurity LoadModule directive - LoadFile /usr/lib/libxml2.so.
> > > > >
> > > > > This is in the Installation section of the reference manual - http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#02-installation
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Joakim Schramm
> > > > > > Sent: Monday, May 28, 2007 11:50 AM
> > > > > > To: Ofer Shezaf
> > > > > > Cc: mod-security-users@...
> > > > > > Subject: Re: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Ofer Shezaf [mailto:OferS@...]
> > > > > > > Sent: 28 May 2007 17:05
> > > > > > > To: Joakim Schramm
> > > > > > > Cc: mod-security-users@...
> > > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > > >
> > > > > > > Just one correction, if you want to remove the XML variable from the rules, it also appears in file #20.
> > > > > > >
> > > > > > Well I don't want to but have XML working. I looked at the make file as it is in archive and it seem XML is on by default, and I have libxml2 where it says by default, so as far as I understand it "should" be compiled with xml support, not sure why it isn't working though. I have the whole output from compile by Gentoo emerge packager and it appear to confirm xml is compiled in. Just pasting the relevant parts here, let me know if you need full output?
> > > > > >
> > > > > > D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/include/db4.5 -c -o
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.c && touch
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.slo
> > > > > > /usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic -march=pentium4 -O2 -pipe -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -
> > > > > > ...
> > > > > > www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/persist_dbm.lo
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/pdf_protect.lo
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_util.lo
> > > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_reqbody.lo /var/tmp/portage/net-
> > > > > >
> > > > > > So xml "should" really work, but it doesn't or is there something more that need to be done?
> > > > > >
> > > > > > Joakim
> > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Joakim Schramm [mailto:joakim@...]
> > > > > > > > Sent: Monday, May 28, 2007 5:58 PM
> > > > > > > > To: Ofer Shezaf
> > > > > > > > Cc: mod-security-users@...
> > > > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Ofer Shezaf [mailto:OferS@...]
> > > > > > > > > Sent: 28 May 2007 16:49
> > > > > > > > > To: Joakim Schramm
> > > > > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > > > > >
> > > > > > > > > Regarding XML - Avi is still investigating the problem (actually a solution) as we already know the problem. You have compiled ModSecurity without XML support, which is perfectly valid, but does not work with the new dev version of
> > > > > > > > >
> > > > > > > > > So you will need to either compile with XML support, wait till we find a generic solution, or just delete all the XML variables from the different rules (I think it is only in file #40)
> > > > > > > > >
> > > > > > > > > ~ Ofer
> > > > > > > >
> > > > > > > > Aha, I use Gentoo and simply reused the current ebuild for 2.1.1, so I will have to figure out how to get xml support compiled in then ;-)
> > > > > > > >
> > > > > > > > Joakim

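Ofer's point in the message above is that seeing msc_xml compiled and linked does not show that the WITH_LIBXML2 flag was set. The following added example (not part of the original messages or of ModSecurity) checks a build log for the flag per compiled source file; it assumes the flag reaches the compiler as a `-DWITH_LIBXML2` define, the function names are this example's own, and the sample log is constructed from the flags and paths quoted in the thread.

```python
import os
import shlex

FLAG = "WITH_LIBXML2"  # compile flag named in the thread

# Constructed sample input, modelled on the compile lines quoted in the thread.
SRC = ("/var/tmp/portage/net-www/mod_security-2.2.0/work/"
       "modsecurity-apache_2.2.0-dev1/apache2")
BASE = ("i686-pc-linux-gnu-gcc -prefer-pic -march=pentium4 -O2 -pipe -DLINUX=2 "
        "-D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread "
        "-I/usr/include/apache2 -I/usr/include/apr-1")


def sample_log(extra=""):
    """Build a constructed log: two compile steps and one link step."""
    lines = [f"{BASE} {extra} -c -o {SRC}/{n}.lo {SRC}/{n}.c && touch {SRC}/{n}.slo"
             for n in ("msc_xml", "msc_util")]
    lines.append("/usr/bin/libtool --silent --mode=link i686-pc-linux-gnu-gcc "
                 f"-o {SRC}/mod_security2.la {SRC}/msc_xml.lo {SRC}/msc_util.lo")
    return "\n".join(lines)


def compile_units(build_log):
    """Map each compiled .c file to the set of -D macros on its command line."""
    units = {}
    for line in build_log.splitlines():
        try:
            tokens = shlex.split(line)
        except ValueError:          # unbalanced quote in a truncated log line
            tokens = line.split()
        if "-c" not in tokens:
            continue                # link steps carry no information about macros
        defines = set()
        for i, tok in enumerate(tokens):
            if tok == "-D" and i + 1 < len(tokens):
                defines.add(tokens[i + 1].split("=", 1)[0])
            elif tok.startswith("-D") and len(tok) > 2:
                defines.add(tok[2:].split("=", 1)[0])
        for tok in tokens:
            if tok.endswith(".c"):
                units[os.path.basename(tok)] = defines
    return units


def xml_support(build_log):
    """Return (status, sources compiled without the flag)."""
    units = compile_units(build_log)
    if not units:
        return ("no-compile-lines", [])
    missing = sorted(src for src, defs in units.items() if FLAG not in defs)
    if not missing:
        return ("enabled", [])
    if len(missing) == len(units):
        return ("disabled", missing)
    return ("partial", missing)


if __name__ == "__main__":
    print(xml_support(sample_log()))
    print(xml_support(sample_log("-DWITH_LIBXML2")))
```

A log that contains only the link step yields `no-compile-lines`, which is why the full compile log is needed to settle the question.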
From: Ryan Barnett <Ryan.Barnett@Breach.com> - 2007-05-28 16:53:27
One more item - remove the "!" before the IfModule name as this means if the module is not loaded.

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

> -----Original Message-----
> From: Joakim Schramm [mailto:joakim@...]
> Sent: Monday, May 28, 2007 12:49 PM
> To: Ryan Barnett; Ofer Shezaf
> Cc: mod-security-users@...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> > -----Original Message-----
> > From: Ryan Barnett [mailto:Ryan.Barnett@...]
> > Sent: 28 May 2007 18:33
> > To: Joakim Schramm; Ofer Shezaf
> > Cc: mod-security-users@...
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > You to have the XML LoadFile directive specified BEFORE the ModSecurity LoadFile directive like this -
> >
> > <IfDefine SECURITY>
> >   <IfModule !mod_security2.c>
> >     LoadFile /usr/lib/libxml2.so
> >     LoadModule security2_module modules/mod_security2.so
> >   </IfModule>
> >
> >   # use Core Rule Set by default:
> >   Include /etc/apache2/modules.d/mod_security/*.conf
> > </IfDefine>
> >
> Unfortunately,
>
> It makes no difference. Right now I have no other option than remove all XML variables as apache2 refuses to start as it is.
>
> Joakim
>
> > --
> > Ryan C. Barnett
> > ModSecurity Community Manager
> > Breach Security: Director of Application Security Training
> > Web Application Security Consortium (WASC) Member
> > CIS Apache Benchmark Project Lead
> > SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> > Author: Preventing Web Attacks with Apache
> >
> > > -----Original Message-----
> > > From: Joakim Schramm [mailto:joakim@...]
> > > Sent: Monday, May 28, 2007 12:28 PM
> > > To: Ryan Barnett; Ofer Shezaf
> > > Cc: mod-security-users@...
> > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > > This from my httpd.conf for
> > >
> > > <IfDefine SECURITY>
> > >   <IfModule !mod_security2.c>
> > >     LoadModule security2_module modules/mod_security2.so
> > >   </IfModule>
> > >
> > >   LoadFile /usr/lib/libxml2.so
> > >
> > >   # use Core Rule Set by default:
> > >   Include /etc/apache2/modules.d/mod_security/*.conf
> > > </IfDefine>
> > >
> > > merc ~ # locate libxml2.so
> > > /usr/lib/libxml2.so.2.6.28
> > > /usr/lib/libxml2.so.2
> > > /usr/lib/libxml2.so
> > >
> > > merc ~ # /etc/init.d/apache2 restart
> > >  * Apache2 has detected a syntax error in your configuration files:
> > > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > > Error creating rule: Unknown variable: XML
> > >
> > > I don't know if this is because apache2 currently is running w/ modsec 2.1.1 but w/o libxml2 line in conf, so it might check syntax for what it has at hands before restarting and don't because of this as apache2 never stops. I may have to stop it manually and start it again, not just restart BUT if it still fail all my web services is down :-( I guess I have no option but take a chance and rely on you guys if it still fails. Faith was the word :-)
> > >
> > > Unfortunately,
> > >
> > > After stopping still
> > >
> > > merc ~ # /etc/init.d/apache2 start
> > >  * Apache2 has detected a syntax error in your configuration files:
> > > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > > Error creating rule: Unknown variable: XML
> > >
> > > Joakim
> > >
> > > > -----Original Message-----
> > > > From: Ryan Barnett [mailto:Ryan.Barnett@...]
> > > > Sent: 28 May 2007 17:54
> > > > To: Joakim Schramm; Ofer Shezaf
> > > > Cc: mod-security-users@...
> > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > Did you add the following to your httpd.conf file before the ModSecurity LoadModule directive - LoadFile /usr/lib/libxml2.so.
> > > >
> > > > This is in the Installation section of the reference manual - http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#02-installation
> > > >
> > > > > -----Original Message-----
> > > > > From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Joakim Schramm
> > > > > Sent: Monday, May 28, 2007 11:50 AM
> > > > > To: Ofer Shezaf
> > > > > Cc: mod-security-users@...
> > > > > Subject: Re: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Ofer Shezaf [mailto:OferS@...]
> > > > > > Sent: 28 May 2007 17:05
> > > > > > To: Joakim Schramm
> > > > > > Cc: mod-security-users@...
> > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > >
> > > > > > Just one correction, if you want to remove the XML variable from the rules, it also appears in file #20.
> > > > > >
> > > > > Well I don't want to but have XML working. I looked at the make file as it is in archive and it seem XML is on by default, and I have libxml2 where it says by default, so as far as I understand it "should" be compiled with xml support, not sure why it isn't working though. I have the whole output from compile by Gentoo emerge packager and it appear to confirm xml is compiled in. Just pasting the relevant parts here, let me know if you need full output?
> > > > >
> > > > > D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/include/db4.5 -c -o
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.c && touch
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.slo
> > > > > /usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic -march=pentium4 -O2 -pipe -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -
> > > > > ...
> > > > > www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/persist_dbm.lo
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/pdf_protect.lo
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_util.lo
> > > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_reqbody.lo /var/tmp/portage/net-
> > > > >
> > > > > So xml "should" really work, but it doesn't or is there something more that need to be done?
> > > > >
> > > > > Joakim
> > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Joakim Schramm [mailto:joakim@...]
> > > > > > > Sent: Monday, May 28, 2007 5:58 PM
> > > > > > > To: Ofer Shezaf
> > > > > > > Cc: mod-security-users@...
> > > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Ofer Shezaf [mailto:OferS@...]
> > > > > > > > Sent: 28 May 2007 16:49
> > > > > > > > To: Joakim Schramm
> > > > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > > > > >
> > > > > > > > Regarding XML - Avi is still investigating the problem (actually a solution) as we already know the problem. You have compiled ModSecurity without XML support, which is perfectly valid, but does not work with the new dev version of
> > > > > > > >
> > > > > > > > So you will need to either compile with XML support, wait till we find a generic solution, or just delete all the XML variables from the different rules (I think it is only in file #40)
> > > > > > > >
> > > > > > > > ~ Ofer
> > > > > > >
> > > > > > > Aha, I use Gentoo and simply reused the current ebuild for 2.1.1, so I will have to figure out how to get xml support compiled in then ;-)
> > > > > > >
> > > > > > > Joakim

From: Joakim Schramm <joakim@as...> - 2007-05-28 16:46:31
> -----Original Message-----
> From: Ryan Barnett [mailto:Ryan.Barnett@...]
> Sent: 28 May 2007 18:33
> To: Joakim Schramm; Ofer Shezaf
> Cc: mod-security-users@...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> You to have the XML LoadFile directive specified BEFORE the ModSecurity LoadFile directive like this -
>
> <IfDefine SECURITY>
>   <IfModule !mod_security2.c>
>     LoadFile /usr/lib/libxml2.so
>     LoadModule security2_module modules/mod_security2.so
>   </IfModule>
>
>   # use Core Rule Set by default:
>   Include /etc/apache2/modules.d/mod_security/*.conf
> </IfDefine>
>
Unfortunately,

It makes no difference. Right now I have no other option than remove all XML variables as apache2 refuses to start as it is.

Joakim

> --
> Ryan C. Barnett
> ModSecurity Community Manager
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
> > -----Original Message-----
> > From: Joakim Schramm [mailto:joakim@...]
> > Sent: Monday, May 28, 2007 12:28 PM
> > To: Ryan Barnett; Ofer Shezaf
> > Cc: mod-security-users@...
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > This from my httpd.conf for
> >
> > <IfDefine SECURITY>
> >   <IfModule !mod_security2.c>
> >     LoadModule security2_module modules/mod_security2.so
> >   </IfModule>
> >
> >   LoadFile /usr/lib/libxml2.so
> >
> >   # use Core Rule Set by default:
> >   Include /etc/apache2/modules.d/mod_security/*.conf
> > </IfDefine>
> >
> > merc ~ # locate libxml2.so
> > /usr/lib/libxml2.so.2.6.28
> > /usr/lib/libxml2.so.2
> > /usr/lib/libxml2.so
> >
> > merc ~ # /etc/init.d/apache2 restart
> >  * Apache2 has detected a syntax error in your configuration files:
> > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > Error creating rule: Unknown variable: XML
> >
> > I don't know if this is because apache2 currently is running w/ modsec 2.1.1 but w/o libxml2 line in conf, so it might check syntax for what it has at hands before restarting and don't because of this as apache2 never stops. I may have to stop it manually and start it again, not just restart BUT if it still fail all my web services is down :-( I guess I have no option but take a chance and rely on you guys if it still fails. Faith was the word :-)
> >
> > Unfortunately,
> >
> > After stopping still
> >
> > merc ~ # /etc/init.d/apache2 start
> >  * Apache2 has detected a syntax error in your configuration files:
> > Syntax error on line 54 of /etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
> > Error creating rule: Unknown variable: XML
> >
> > Joakim
> >
> > > -----Original Message-----
> > > From: Ryan Barnett [mailto:Ryan.Barnett@...]
> > > Sent: 28 May 2007 17:54
> > > To: Joakim Schramm; Ofer Shezaf
> > > Cc: mod-security-users@...
> > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > > Did you add the following to your httpd.conf file before the ModSecurity LoadModule directive - LoadFile /usr/lib/libxml2.so.
> > >
> > > This is in the Installation section of the reference manual - http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#02-installation
> > >
> > > > -----Original Message-----
> > > > From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Joakim Schramm
> > > > Sent: Monday, May 28, 2007 11:50 AM
> > > > To: Ofer Shezaf
> > > > Cc: mod-security-users@...
> > > > Subject: Re: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > > -----Original Message-----
> > > > > From: Ofer Shezaf [mailto:OferS@...]
> > > > > Sent: 28 May 2007 17:05
> > > > > To: Joakim Schramm
> > > > > Cc: mod-security-users@...
> > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > > > >
> > > > > Just one correction, if you want to remove the XML variable from the rules, it also appears in file #20.
> > > > >
> > > > Well I don't want to but have XML working. I looked at the make file as it is in archive and it seem XML is on by default, and I have libxml2 where it says by default, so as far as I understand it "should" be compiled with xml support, not sure why it isn't working though. I have the whole output from compile by Gentoo emerge packager and it appear to confirm xml is compiled in. Just pasting the relevant parts here, let me know if you need full output?
> > > >
> > > > D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/include/db4.5 -c -o
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.c && touch
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.slo
> > > > /usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic -march=pentium4 -O2 -pipe -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -
> > > > ...
> > > > www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/persist_dbm.lo
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/pdf_protect.lo
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_util.lo
> > > > /var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_reqbody.lo /var/tmp/portage/net-
> > > >
> > > > So xml "should" really work, but it doesn't or is there something more that need to be done?
> > > >
> > > > Joakim
> > > >
> > > > > > -----Original Message-----
> > > > > > From: Joakim Schramm [mailto:joakim@...]
> > > > > > Sent: Monday, May 28, 2007 5:58 PM
> > > > > > To: Ofer Shezaf
> > > > > > Cc: mod-security-users@...
> > > > > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 > question > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Ofer Shezaf [mailto:OferS@...] > > > > > > > Sent: 28 May 2007 16:49 > > > > > > > To: Joakim Schramm > > > > > > > Subject: RE: [mod-security-users] Core rules > > > 2.1-1.4b2 question > > > > > > > > > > > > > > Regarding XML - Avi is still investigating the > > > problem (actually > > > a > > > > > > > solution) as we already know the problem. You > have compiled > > > > > > > ModSecurity without XML support, which is perfectly > > > > > valid, but does > > > > > > > not work with the new dev version of > > > > > > > > > > > > > > So you will need to either compile with XML support, wait > till > > > we > > > > > > > find a generic solution, or just delete all the XML > > > > > variables from > > > > > > > the different rules (I think it is only in file #40) > > > > > > > > > > > > > > ~ Ofer > > > > > > > > > > > > Aha, I use Gentoo and simply reused the current ebuild for > > > > > 2.1.1, so I > > > > > > will have to figure out how to get xml support compiled in > then > > > ;-) > > > > > > > > > > > > Joakim > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------- > > > ---------- > > > - > > > > This SF.net email is sponsored by DB2 Express Download > DB2 Express > > > > C - the FREE version of DB2 express and take control of > your XML. > > > > No limits. Just data. Click to get it now. > > > > http://sourceforge.net/powerbar/db2/ > > > > _______________________________________________ > > > > mod-security-users mailing list > > > > mod-security-users@... > > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > |
From: Ryan Barnett <Ryan.Barnett@Breach.com> - 2007-05-28 16:33:54
|
You need to have the XML LoadFile directive specified BEFORE the ModSecurity
LoadFile directive like this -

<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
</IfModule>

# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
|
From: Joakim Schramm <joakim@as...> - 2007-05-28 16:25:27
|
This from my httpd.conf for

<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>

LoadFile /usr/lib/libxml2.so

# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>

merc ~ # locate libxml2.so
/usr/lib/libxml2.so.2.6.28
/usr/lib/libxml2.so.2
/usr/lib/libxml2.so

merc ~ # /etc/init.d/apache2 restart
* Apache2 has detected a syntax error in your configuration files:
Syntax error on line 54 of
/etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
Error creating rule: Unknown variable: XML

I don't know if this is because apache2 currently is running w/ modsec 2.1.1
but w/o libxml2 line in conf, so it might check syntax for what it has at
hands before restarting and don't because of this as apache2 never stops. I
may have to stop it manually and start it again, not just restart BUT if it
still fail all my web services is down :-( I guess I have no option but take
a chance and rely on you guys if it still fails. Faith was the word :-)

Unfortunately,

After stopping still

merc ~ # /etc/init.d/apache2 start
* Apache2 has detected a syntax error in your configuration files:
Syntax error on line 54 of
/etc/apache2/modules.d/mod_security/modsecurity_crs_20_protocol_violations.conf:
Error creating rule: Unknown variable: XML

Joakim
|
From: Ryan Barnett <Ryan.Barnett@Breach.com> - 2007-05-28 15:55:54
|
Did you add the following to your httpd.conf file before the ModSecurity
LoadModule directive - LoadFile /usr/lib/libxml2.so.

This is in the Installation section of the reference manual -
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#02-installation

Ryan C. Barnett
Director of Application Security Training
Breach Security, Inc.
Phone: 703-794-2248
Cell: 703-269-8998
Ryan.Barnett@...
http://www.Breach.com
|
From: Joakim Schramm <joakim@as...> - 2007-05-28 15:47:51
|
> -----Original Message-----
> From: Ofer Shezaf [mailto:OferS@...]
> Sent: 28 May 2007 17:05
> To: Joakim Schramm
> Cc: mod-security-users@...
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> Just one correction, if you want to remove the XML variable
> from the rules, it also appears in file #20.

Well I don't want to but have XML working. I looked at the make file as it
is in archive and it seem XML is on by default, and I have libxml2 where
it says by default, so as far as I understand it "should" be compiled with
xml support, not sure why it isn't working though. I have the whole output
from compile by Gentoo emerge packager and it appear to confirm xml is
compiled in. Just pasting the relevant parts here, let me know if you need
full output?

D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread
-I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1
-I/usr/include/db4.5 -c -o
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.c && touch
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.slo
/usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic
-march=pentium4 -O2 -pipe -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE
-D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2
-I/usr/include/apr-1 -
...
www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/persist_dbm.lo
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/pdf_protect.lo
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_xml.lo
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_util.lo
/var/tmp/portage/net-www/mod_security-2.2.0/work/modsecurity-apache_2.2.0-dev1/apache2/msc_reqbody.lo /var/tmp/portage/net-

So xml "should" really work, but it doesn't or is there something more that
need to be done?

Joakim
|
From: Ofer Shezaf <OferS@Breach.com> - 2007-05-28 15:06:18
|
Just one correction, if you want to remove the XML variable from the rules, it
also appears in file #20.
|
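The two suggestions made in this thread (load libxml2 with LoadFile before the ModSecurity LoadModule line, or remove the XML variable from the rule files) can both be checked before Apache is restarted. The following is an added example, not code from any poster or from the ModSecurity project; the function names, status strings and sample rules are assumptions made for illustration, and the check reads one config text without following Include directives.

```python
import re

# Ordering posted in the thread (LoadModule first, LoadFile afterwards).
POSTED_CONF = """\
<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>

LoadFile /usr/lib/libxml2.so

# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>
"""

# Ordering recommended in the thread (LoadFile before LoadModule).
RECOMMENDED_CONF = """\
<IfDefine SECURITY>
<IfModule !mod_security2.c>
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
</IfModule>

# use Core Rule Set by default:
Include /etc/apache2/modules.d/mod_security/*.conf
</IfDefine>
"""

# Constructed rules for illustration only, not taken from the Core Rule Set.
SAMPLE_RULES = """\
# constructed sample
SecRule REQUEST_HEADERS:Accept "^$" "log,deny"
SecRule ARGS|ARGS_NAMES|XML:/* "constructed-pattern" "log,deny"
SecRule XML:/* "constructed-pattern" "log,deny"
"""

DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z0-9_]*)\s+(.*)$")
SECRULE = re.compile(r"^\s*SecRule\s+(\S+)", re.IGNORECASE)


def directives(conf_text):
    """Yield (line_number, lowercased_name, args) for each plain directive."""
    for number, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "<")):
            continue  # blank line, comment, or <Section> open/close tag
        match = DIRECTIVE.match(stripped)
        if match:
            yield number, match.group(1).lower(), match.group(2)


def check_libxml2_order(conf_text):
    """Report whether libxml2 is loaded before mod_security2 in this text."""
    loadfile_line = module_line = None
    for number, name, args in directives(conf_text):
        if name == "loadfile" and "libxml2" in args and loadfile_line is None:
            loadfile_line = number
        elif (name == "loadmodule" and args.split()[0] == "security2_module"
              and module_line is None):
            module_line = number
    if module_line is None:
        return "modsecurity-not-loaded"
    if loadfile_line is None:
        return "libxml2-loadfile-missing"
    if loadfile_line > module_line:
        return "libxml2-loaded-after-modsecurity"
    return "ok"


def is_xml_target(target):
    """True for XML, XML:/xpath, and the negated or counted forms (!XML, &XML)."""
    return target.lstrip("!&").split(":", 1)[0].upper() == "XML"


def xml_rule_report(rules_text):
    """Return (line_number, remaining_targets) for SecRule lines naming XML.

    An empty remaining_targets string means XML was the rule's only target,
    so the rule cannot simply be edited; it has to be removed or disabled.
    Simplification: the target list is taken as the first whitespace-free
    token after SecRule and split on '|'.
    """
    report = []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        match = SECRULE.match(line)
        if not match:
            continue
        targets = match.group(1).strip("\"'").split("|")
        if any(is_xml_target(t) for t in targets):
            remaining = [t for t in targets if not is_xml_target(t)]
            report.append((number, "|".join(remaining)))
    return report


if __name__ == "__main__":
    print("posted config:     ", check_libxml2_order(POSTED_CONF))
    print("recommended config:", check_libxml2_order(RECOMMENDED_CONF))
    for number, remaining in xml_rule_report(SAMPLE_RULES):
        print(f"rule line {number}: targets without XML = {remaining!r}")
```

Removing the XML target from a rule also removes that rule's inspection of parsed XML request bodies, so the report is best used to review each affected rule rather than to rewrite the files blindly.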
From: Albert E. Whale <aewhale@ABS-CompTech.com> - 2007-05-28 14:58:41
|
Thank you. Since this is a Mandriva release of the Mod_Security package I can
review the information and fix it for me, and also the Mandriva distribution
... this may help a few other newcomers as well.

Thank you!

Ofer Shezaf wrote:
> Actually Albert might be right. Some versions of Apache use an internal
> keep alive pinger that issues a request without a host name.
>
> The Core Rule Set have a specific exclusion for that, but this rule is
> probably not part of the Core Rule Set (no rule ID) and blocks this
> request.
>
> In order to verify we will need the entire request as you can find in
> the audit log.
>
> So in order to permit it: either use the core rule set instead of the
> rules you use or refer to Ryan's recent blog entry on creating
> exceptions
> http://www.modsecurity.org/blog/archives/2007/02/handling_false.html
>
> ~ Ofer
>
>> -----Original Message-----
>> From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Christian Bockermann
>> Sent: Monday, May 28, 2007 11:20 AM
>> To: aewhale@...
>> Cc: mod-security-users@...
>> Subject: Re: [mod-security-users] What is this? Can you please explain?
>>
>> Hi Albert!
>>
>> In this case it is not the fact that it's the localhost, but a matter of
>> a missing/empty Accept-Header in the request. Do you use the core-rules
>> or any custom-made ruleset?
>>
>> The core rules contain some checks that complain if an Accept-header is
>> missing. This is a problem I observed with some RSS-clients for example.
>> According to the RFC the Accept-header is optional.
>>
>> Regards,
>> Chris
>>
>> On 28.05.2007 at 05:26, Albert E. Whale wrote:
>>
>>> To me this appears to indicate that the localhost is not permitted
>>> to test the root level of the web Server. Why?
>>>
>>> [Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security:
>>> Access denied with code 500. Pattern match "^$" at HEADER("Accept")
>>> [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id
>>> "R9xVQH8AAAEAAAN2kzoAAAAF"]
>>>
>>> Where can I permit this?
>>>
>>> --
>>> Albert E. Whale, CHS CISA CISSP
>>> Sr. Security, Network, Risk Assessment and Systems Consultant
>>> ABS Computer Technology, Inc. - Email, Internet and Security Consultants
>>> SPAMZapper - No-JunkMail.com - True Spam Elimination.
>>>
>>> ------------------------------------------------------------------------
>>> This SF.net email is sponsored by DB2 Express
>>> Download DB2 Express C - the FREE version of DB2 express and take
>>> control of your XML. No limits. Just data. Click to get it now.
>>> http://sourceforge.net/powerbar/db2/
>>> _______________________________________________
>>> mod-security-users mailing list
>>> mod-security-users@...
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
------------------------------------------------------------------------
ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants
SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - *True Spam Elimination*.
|
From: Joakim Schramm <joakim@as...> - 2007-05-28 14:55:53

> -----Original Message-----
> From: Ofer Shezaf [mailto:OferS@...]
> Sent: 28 May 2007 16:49
> To: Joakim Schramm
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> Regarding XML - Avi is still investigating the problem (actually a
> solution) as we already know the problem. You have compiled
> ModSecurity without XML support, which is perfectly valid,
> but does not work with the new dev version of
>
> So you will need to either compile with XML support, wait
> till we find a generic solution, or just delete all the XML
> variables from the different rules (I think it is only in file #40)
>
> ~ Ofer

Aha, I use Gentoo and simply reused the current ebuild for 2.1.1, so I will have to figure out how to get xml support compiled in then ;-)

Joakim

From: Joakim Schramm <joakim@as...> - 2007-05-28 14:00:16

Well I don't want to be picky but.., I initially sent this to the list, and you must then have replied directly to me rather than to the list and I then replied on your email... ;-)

All the best,
Joakim

> -----Original Message-----
> From: Ofer Shezaf [mailto:OferS@...]
> Sent: 28 May 2007 15:49
> To: Joakim Schramm
> Cc: Avi Aminov
> Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
>
> We are looking into it. Generally speaking we prefer to keep
> such discussion to the mailing list so it can help everyone.
>
> ~ Ofer
>
> > -----Original Message-----
> > From: Joakim Schramm [mailto:joakim@...]
> > Sent: Monday, May 28, 2007 4:30 PM
> > To: Ofer Shezaf
> > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> >
> > Well finally tested the dev ruleset but got this error on restarting
> > apache 2.2
> >
> > * Apache2 has detected a syntax error in your configuration files:
> > Syntax error on line 54 of
> > /etc/apache2/modules.d/mod_security2_crs/modsecurity_crs_20_protocol_violations.conf:
> > Error creating rule: Unknown variable: XML
> >
> > I use modsec 2.1.1, do I need the dev version to use the dev rules
> > or?
> >
> > Joakim
> >
> > > -----Original Message-----
> > > From: Ofer Shezaf [mailto:OferS@...]
> > > Sent: 28 May 2007 14:31
> > > To: Joakim Schramm; mod-security-users@...
> > > Subject: RE: [mod-security-users] Core rules 2.1-1.4b2 question
> > >
> > > I think it is a bug, though it has no effect whatsoever on the
> > > rule set functionality. So it is a "visual" bug. Anyway, we will
> > > look into it.
> > >
> > > ~ Ofer Shezaf
> > > Core Rule Set project leader
> > > CTO, Breach Security
> > >
> > > > -----Original Message-----
> > > > From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Joakim Schramm
> > > > Sent: Monday, May 28, 2007 3:23 PM
> > > > To: mod-security-users@...
> > > > Subject: [mod-security-users] Core rules 2.1-1.4b2 question
> > > >
> > > > Hi,
> > > >
> > > > When I look at the core rules dev version and compare it with my
> > > > current rulesets I notice several rules have changed just by now
> > > > having a double comma (like ,,) in the argument part. Is this
> > > > intentional or just a result of "hastiness" in typing aka a bug?
> > > >
> > > > Regards,
> > > >
> > > > Joakim

From: Ofer Shezaf <OferS@Breach.com> - 2007-05-28 12:31:47

I think it is a bug, though it has no effect whatsoever on the rule set functionality. So it is a "visual" bug. Anyway, we will look into it.

~ Ofer Shezaf
Core Rule Set project leader
CTO, Breach Security

> -----Original Message-----
> From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Joakim Schramm
> Sent: Monday, May 28, 2007 3:23 PM
> To: mod-security-users@...
> Subject: [mod-security-users] Core rules 2.1-1.4b2 question
>
> Hi,
>
> When I look at the core rules dev version and compare it with my
> current rulesets I notice several rules have changed just by now
> having a double comma (like ,,) in the argument part. Is this
> intentional or just a result of "hastiness" in typing aka a bug?
>
> Regards,
>
> Joakim

From: Joakim Schramm <joakim@as...> - 2007-05-28 12:21:16

Hi,

When I look at the core rules dev version and compare it with my current rulesets I notice several rules have changed just by now having a double comma (like ,,) in the argument part. Is this intentional or just a result of "hastiness" in typing aka a bug?

Regards,

Joakim

From: Ofer Shezaf <OferS@Breach.com> - 2007-05-28 10:38:41

Actually Albert might be right. Some versions of Apache use an internal keep alive pinger that issues a request without a host name.

The Core Rule Set has a specific exclusion for that, but this rule is probably not part of the Core Rule Set (no rule ID) and blocks this request.

In order to verify we will need the entire request as you can find in the audit log.

So in order to permit it: either use the core rule set instead of the rules you use or refer to Ryan's recent blog entry on creating exceptions
http://www.modsecurity.org/blog/archives/2007/02/handling_false.html

~ Ofer

> -----Original Message-----
> From: mod-security-users-bounces@... [mailto:mod-security-users-bounces@...] On Behalf Of Christian Bockermann
> Sent: Monday, May 28, 2007 11:20 AM
> To: aewhale@...
> Cc: mod-security-users@...
> Subject: Re: [mod-security-users] What is this? Can you please explain?
>
> Hi Albert!
>
> In this case it is not the fact that it's the localhost, but a matter
> of a missing/empty Accept-Header in the request. Do you use the
> core-rules or any custom-made ruleset?
>
> The core rules contain some checks that complain if an Accept-header
> is missing. This is a problem I observed with some RSS-clients for
> example. According to the RFC the Accept-header is optional.
>
> Regards,
> Chris
>
> On 28.05.2007 at 05:26, Albert E. Whale wrote:
>
> > To me this appears to indicate that the localhost is not permitted
> > to test the root level of the web Server. Why?
> >
> > [Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]
> >
> > Where can I permit this?
> >
> > --
> > Albert E. Whale, CHS CISA CISSP
> > Sr. Security, Network, Risk Assessment and Systems Consultant
> > ABS Computer Technology, Inc. - Email, Internet and Security Consultants
> > SPAMZapper - No-JunkMail.com - True Spam Elimination.

From: Alberto Gonzalez Iniesta <agi@in...> - 2007-05-28 10:21:14

On Sun, May 27, 2007 at 09:51:00PM +0200, kroc69 wrote:
> Hi all
>
> I just trying from yesterday to install mod_security2 on an Etch distro
> and nevertheless my attempts I have always that error message
>
> /usr/share/apr-1.0/build/libtool: line 1222: i486-linux-gnu-gcc: command
> not found.
>
> I follow the ModSecurity Reference Manual Installation part and put into
> the Makefile what I think/hope is the top_dir which is for me
> /usr/share/apache2. I also installed the module mod_unique_id.
>
> What's going wrong from your input, please ?
>
> thanks in advance

You may want to try the Debian packages at:
http://etc.inittab.org/~agi/debian/libapache-mod-security2/

Regards,

Alberto

--
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| in GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3

From: Christian Bockermann <chris@jw...> - 2007-05-28 08:20:06

Hi Albert!

In this case it is not the fact that it's the localhost, but a matter of a missing/empty Accept-Header in the request. Do you use the core-rules or any custom-made ruleset?

The core rules contain some checks that complain if an Accept-header is missing. This is a problem I observed with some RSS-clients for example. According to the RFC the Accept-header is optional.

Regards,
Chris

On 28.05.2007 at 05:26, Albert E. Whale wrote:

> To me this appears to indicate that the localhost is not permitted
> to test the root level of the web Server. Why?
>
> [Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]
>
> Where can I permit this?
>
> --
> Albert E. Whale, CHS CISA CISSP
> Sr. Security, Network, Risk Assessment and Systems Consultant
> ABS Computer Technology, Inc. - Email, Internet and Security Consultants
> SPAMZapper - No-JunkMail.com - True Spam Elimination.

From: Albert E. Whale <aewhale@ABS-CompTech.com> - 2007-05-28 03:26:18

To me this appears to indicate that the localhost is not permitted to test the root level of the web Server. Why?

[Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]

Where can I permit this?

--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants
SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - *True Spam Elimination*.

From: hanj <mailing@as...> - 2007-05-28 00:18:38

On Mon, 28 May 2007 01:44:35 +0200 Christian Bockermann <chris@...> wrote:

> Hi hanj!
>
> I had a short look at your config and set it up here locally within a
> virtual host.
>
> I have two virtual hosts - one is acting as reverse-proxy and includes
> the rules you've posted. It forwards all requests to another "dummy"
> virtual host. This one will respond to any request with just a
> default-page.
>
> With your rules, the POST-requests that contain "abc" or "123" did not
> get through the proxy-vhost and thus never reached the "dummy" server.
> If I got your description right - this is basically what you wanted to
> achieve.
>
> To track down your problem even further you should perhaps raise the
> debug-loglevel (SecDebugLogLevel 9) and look at this. If you still
> experience problems it would be helpful to have the debug-output and
> - in order to exactly reproduce your problem a complete audit-log entry
> would be nice.
>
> Regards,
> Chris

Hello

Before the segfault, it did write the debug log. I took out the timestamps, etc. This line seems interesting to me:

[/index.php/contact.process/][4] Phase REQUEST_BODY already complete, skipping.

I also pasted the modsec_audit.log from this same transaction(s). The odd thing is the order of things.

A - start of the request
B - POST
C - Payload
F - is my redirect back to the 'thank you for your message' page
H - Access Denied (but it already redirected)

Just to clarify, I changed spam words so it gets delivered to the list.

Thanks!
hanji

[/lib/style.css][4] Starting phase REQUEST_HEADERS.
[/lib/style.css][9] This phase consists of 0 rule(s).
[/lib/style.css][4] Second phase starting (dcfg 8165370).
[/lib/style.css][4] Input filter: This request does not have a body.
[/lib/style.css][4] Time #1: 1328
[/lib/style.css][4] Starting phase REQUEST_BODY.
[/lib/style.css][9] This phase consists of 2 rule(s).
[/lib/style.css][4] Recipe: Invoking rule 8284d38.
[/lib/style.css][4] Rule returned 0.
[/lib/style.css][9] No match, not chained -> mode NEXT_RULE.
[/lib/style.css][4] Recipe: Invoking rule 8284fc8.
[/lib/style.css][4] Rule returned 0.
[/lib/style.css][9] No match, not chained -> mode NEXT_RULE.
[/lib/style.css][4] Time #2: 1592
[/lib/style.css][4] Phase REQUEST_BODY already complete, skipping.
[/lib/style.css][4] Hook insert_filter: Adding output filter (r 8530d50).
[/lib/style.css][4] Initialising logging.
[/lib/style.css][4] Starting phase LOGGING.
[/lib/style.css][9] This phase consists of 0 rule(s).
[/lib/style.css][4] Audit log: Ignoring a non-relevant request.
[/index.php/contact.process/][4] Initialising transaction (txid XRtJ40LbO5UAAElxTNQAAAAA).
[/index.php/contact.process/][5] Adding request cookie: name "Email", value "admin%40domain.com"
[/index.php/contact.process/][5] Adding request cookie: name "notify_me", value "0"
[/index.php/contact.process/][5] Adding request cookie: name "save_info", value "0"
[/index.php/contact.process/][5] Adding request cookie: name "Author", value "admin"
[/index.php/contact.process/][5] Adding request cookie: name "PHPSESSID", value "aa520661c8e99364122a8c60ff651e3a"
[/index.php/contact.process/][4] Transaction context created (dcfg 8165370).
[/index.php/contact.process/][4] Starting phase REQUEST_HEADERS.
[/index.php/contact.process/][4] Second phase starting (dcfg 8165370).
[/index.php/contact.process/][4] Input filter: Reading request body.
[/index.php/contact.process/][5] Adding request argument (BODY): name "FirstName", value "asdfasfd"
[/index.php/contact.process/][5] Adding request argument (BODY): name "LastName", value "asfd"
[/index.php/contact.process/][5] Adding request argument (BODY): name "Email", value "asdf@..."
[/index.php/contact.process/][5] Adding request argument (BODY): name "Message", value "spam content"
[/index.php/contact.process/][5] Adding request argument (BODY): name "formAction", value "send"
[/index.php/contact.process/][4] Input filter: Completed receiving request body (length 92).
[/index.php/contact.process/][4] Time #1: 98949
[/index.php/contact.process/][4] Starting phase REQUEST_BODY.
[/index.php/contact.process/][4] Recipe: Invoking rule 8284d38.
[/index.php/contact.process/][4] Executing operator rx with param "(spam|content|removed|for|list)" against REQUEST_BODY.
[/index.php/contact.process/][4] Operator completed in 26 usec.
[/index.php/contact.process/][4] Rule returned 1.
[/index.php/contact.process/][1] Access denied with code 403 (phase 2). Pattern match "(spam|content|removed|for|list)" at REQUEST_BODY.
[/index.php/contact.process/][4] Time #2: 99221
[/index.php/contact.process/][4] Phase REQUEST_BODY already complete, skipping.
[/index.php/contact.process/][4] Hook insert_filter: Adding input forwarding filter (r 8530d58).
[/index.php/contact.process/][4] Hook insert_filter: Adding output filter (r 8530d58).
[/contact.process/][4] Phase REQUEST_BODY already complete, skipping.
[/contact.process/][4] Input filter: Forwarding input: mode=0, block=0, nbytes=4000 (f 8532b88, r 8530d58).
[/index.php/contact.process/][1] Access denied with code 403 (phase 2). Pattern match "(spam|content|removed|for|list)" at REQUEST_BODY.
[/index.php/contact.process/][4] Initialising transaction (txid XvhgpELbO5UAAEopRm0AAAAA).
[/index.php/contact.process/][4] Transaction context created (dcfg 8165370).
[/index.php/contact.process/][4] Starting phase REQUEST_HEADERS.
[/index.php/contact.process/][4] Second phase starting (dcfg 8165370).
[/index.php/contact.process/][4] Input filter: Reading request body.
[/index.php/contact.process/][4] Input filter: Completed receiving request body (length 92).
[/index.php/contact.process/][4] Time #1: 98932
[/index.php/contact.process/][4] Starting phase REQUEST_BODY.
[/index.php/contact.process/][4] Recipe: Invoking rule 8284d38.
[/index.php/contact.process/][4] Executing operator rx with param "(spam|content|removed|for|list)" against REQUEST_BODY.
[/index.php/contact.process/][4] Operator completed in 25 usec.
[/index.php/contact.process/][4] Rule returned 1.
[/index.php/contact.process/][1] Access denied with code 403 (phase 2). Pattern match "(spam|content|removed|for|list)" at REQUEST_BODY.
[/index.php/contact.process/][4] Time #2: 99215
[/index.php/contact.process/][4] Phase REQUEST_BODY already complete, skipping.
[/index.php/contact.process/][4] Hook insert_filter: Adding input forwarding filter (r 8530d60).
[/index.php/contact.process/][4] Hook insert_filter: Adding output filter (r 8530d60).
[/contact.process/][4] Phase REQUEST_BODY already complete, skipping.
[/contact.process/][4] Input filter: Forwarding input: mode=0, block=0, nbytes=4000 (f 8532b90, r 8530d60).

---------------------------------------

Here is the audit_log

--a538181a-A--
[27/May/2007:17:55:29 --0600] XfZ8ikLbO5UAAEm8SIoAAAAA xxx.xxx.xxx.xxx 3083 xxx.xxx.xxx.xxx 80
--a538181a-B--
POST /index.php/contact.process/ HTTP/1.1
Host: http://www.domain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.domain.com/index.php/contact.main.htm
Cookie: Email=admin%40domain.com; __utma=263310793.103240923.1170701296.1180289490.1180309404.125; __utmz=263310793.1170701296.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); notify_me=0; save_info=0; Author=admin; PHPSESSID=aa520661c8e99364122a8c60ff651e3a; __utmc=263310793; f278ca17e89411619d8fa8529961a7e0=968521b06021c2e0080e5d8301bcd0a2; __utmb=263310793
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 92

--a538181a-C--
FirstName=asdfasfd&LastName=asfd&Email=asdf%40asdf.com&Message=spam+content&formAction=send
--a538181a-F--
HTTP/1.1 302 Found
Set-Cookie: f278ca17e89411619d8fa8529961a7e0=968521b06021c2e0080e5d8301bcd0a2; expires=Mon, 28 May 2007 00:24:28 GMT; path=/; domain=www.domain.com
Location: http://www.domain.com/index.php/code/ce385082a735db58c0b429cc0ea6cd1f/contact.main.htm
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

--a538181a-H--
Message: Access denied with code 403 (phase 2). Pattern match "(spam|content|removed|for|list)" at REQUEST_BODY.
Action: Intercepted (phase 2)
Stopwatch: 1180310128983178 168713 (97389* 97651 167526)
Producer: ModSecurity v2.1.1 (Apache 2.x)
Server: Apache

--a538181a-Z--

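
The mismatch hanj describes above, a 302 in section F of an entry whose section H records a 403 interception, can be searched for across a whole audit log. The following Python is an added example, not part of the original thread or of ModSecurity; the sample entry is constructed (abbreviated, with placeholder addresses and unique ID) and the function names are assumptions.

```python
import re

# Constructed sample entry (abbreviated; placeholder addresses and unique ID).
SAMPLE = """\
--a538181a-A--
[27/May/2007:17:55:29 --0600] EXAMPLEUNIQUEID000000001 192.0.2.10 3083 192.0.2.20 80
--a538181a-B--
POST /index.php/contact.process/ HTTP/1.1
--a538181a-C--
Message=spam+content&x=1
--a538181a-F--
HTTP/1.1 302 Found
Location: http://www.example.test/thanks
--a538181a-H--
Message: Access denied with code 403 (phase 2). Pattern match "(spam|content)" at REQUEST_BODY.
Action: Intercepted (phase 2)
--a538181a-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--\s*$")
DENIED = re.compile(r"Access denied with code (\d{3})")
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})\b")


def parse_entries(text):
    """Yield one {section letter: [lines]} dict per complete A..Z entry."""
    entry, part, entry_id = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if part is not None:
                entry[part].append(line)
            continue
        bid, letter = m.groups()
        if letter == "A":
            entry, entry_id = {}, bid      # new entry; drops an unterminated one
        elif bid != entry_id:
            part = None                    # stray boundary from another entry
            continue
        if letter == "Z":
            yield entry
            entry, part, entry_id = {}, None, None
        else:
            part = letter
            entry[part] = []


def summarize(entry):
    """Compare what the client received (F) with what ModSecurity logged (H)."""
    status = deny_code = None
    intercepted = False
    for line in entry.get("F", []):
        m = STATUS.match(line)
        if m:
            status = int(m.group(1))
            break
    for line in entry.get("H", []):
        m = DENIED.search(line) if line.startswith("Message:") else None
        if m:
            deny_code = int(m.group(1))
        intercepted = intercepted or line.startswith("Action: Intercepted")
    return {
        "request": next((l for l in entry.get("B", []) if l), None),
        "response_status": status,
        "deny_code": deny_code,
        # Logged as blocked, yet section F shows another status went out.
        # Entries logged without section F are not flagged.
        "mismatch": (intercepted and deny_code is not None
                     and status is not None and status != deny_code),
    }


def find_mismatches(text):
    return [s for s in map(summarize, parse_entries(text)) if s["mismatch"]]
```

A hit means the log records a block while a different response still reached the client, which is the symptom reported in the post.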