|
From: Mike L. <mi...@ne...> - 2018-12-05 04:48:49
|
I have an apache2 install and have had three virtual hosts running on the site successfully for other three years. I installed modsecurity on Linux Mint 18.3.. THERE ARE NO error messages. my@FamilyServer /var/log/apache2 # apachectl -M | grep --color security security2_module (shared) The mode security log shows no errors. The apache2 error log does show an error, but I had read it is not a problem. See log snippet below in this email. There are three virtual host config files... identical in sites-available and sites allowed. http requests for all three URLs "work," by that there are no error messages, no 403 or 404. Typing the URL's for two result in correct results. Typing in the URL for the third displays one of the other sites. This NEVER HAPPENED until modsecurity was installed. I am lost and don't even know where to look. [Wed Dec 05 11:31:38.000649 2018] [:notice] [pid 6194] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured. [Wed Dec 05 11:31:38.000852 2018] [:notice] [pid 6194] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.2" [Wed Dec 05 11:31:38.000864 2018] [:warn] [pid 6194] ModSecurity: Loaded APR do not match with compiled! [Wed Dec 05 11:31:38.000876 2018] [:notice] [pid 6194] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.41 2017-07-05" [Wed Dec 05 11:31:38.000901 2018] [:warn] [pid 6194] ModSecurity: Loaded PCRE do not match with compiled! [Wed Dec 05 11:31:38.000910 2018] [:notice] [pid 6194] ModSecurity: LUA compiled version="Lua 5.1" [Wed Dec 05 11:31:38.000919 2018] [:notice] [pid 6194] ModSecurity: YAJL compiled version="2.1.0" [Wed Dec 05 11:31:38.000928 2018] [:notice] [pid 6194] ModSecurity: LIBXML compiled version="2.9.2" [Wed Dec 05 11:31:38.001043 2018] [:notice] [pid 6194] ModSecurity: StatusEngine call: "2.9.0,Apache/2.4.18 (Ubuntu),1.5.1/1.5.2,8.35/8.41 2017-07-05,Lua 5.1,2.9.2,139cd0575fbb1eb666d44f3080f7c68a40ce8da9" [Wed Dec 05 11:31:38.238158 2018] [:notice] [pid 6194] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/ [Wed Dec 05 11:31:39.010423 2018] [mpm_prefork:notice] [pid 6195] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations [Wed Dec 05 11:31:39.010518 2018] [core:notice] [pid 6195] AH00094: Command line: '/usr/sbin/apache2' Here are the contents of the two virtual host files which are at issues. <VirtualHost www.gensanexpat.org:80> ServerAdmin mi...@ne... ServerName www.gensanexpat.org NameVirtualHost www.gensanexpat.org ServerAlias gensanexpat.org DocumentRoot /var/www/html/gensan ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/gensan.log combined </VirtualHost> <VirtualHost www.netwright.net:80> ServerAdmin mi...@ne... ServerName www.netwright.net NameVirtualHost www.netwright.net ServerAlias netwright.net DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/nw.log combined </VirtualHost> AND here is the contents of the nw.log file! my@FamilyServer /var/log/apache2 # cat nw.log 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET / HTTP/1.1" 200 967 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36" 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET /favicon.ico?v=2 HTTP/1.1" 200 476 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36" 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET / HTTP/1.1" 200 966 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36" 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET /favicon.ico?v=2 HTTP/1.1" 200 475 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36" =========================== Michael "Mike" Lieberman | <http://lieberman.blog.netwright.net:7080/> Blog Purok 13, Morales Subd. Brgy Mabuhay, General Santos City, 9500 Philippines <https://map.what3words.com/overexposed.pedestals.rakes> See MAP Cell: <tel:%2B63%20%28917%29%20358-1442> +63 (917) 311-0674 (Voice and Text) LandLine: <tel:%2B63%20%2883%29%20552-1153> +63 (083) 887-2154 (Voice Only) |
|
Re: [mod-security-users] NEWBIE to modsecurity... No error messaged
BUT the wrong site is displayed.
From: Christian F. <chr...@ne...> - 2018-12-05 05:00:26
|
Hey Mike, Now should there be any log/error messages? Do you have any rules installed at all? Also: The messages that you sent show an incompatibility problem with APR and PCRE. This is an issue and you should fix it. Feeling lost, you may want to turn to the tutorials at https://netnea.com/apache-tutorials/ They provide you with a step by step introduction to ModSecurity. You do not need to follow the self-compilation approach of the tutorials. But the first examples will at least tell you what to expect in the log files. Good luck, Christian On Wed, Dec 05, 2018 at 12:32:06PM +0800, Mike Lieberman wrote: > I have an apache2 install and have had three virtual hosts running on the > site successfully for other three years. > > I installed modsecurity on Linux Mint 18.3.. > > THERE ARE NO error messages. > > > > my@FamilyServer /var/log/apache2 # apachectl -M | grep --color security > > security2_module (shared) > > > > The mode security log shows no errors. > > > > The apache2 error log does show an error, but I had read it is not a > problem. See log snippet below in this email. > > There are three virtual host config files... identical in sites-available > and sites allowed. > > http requests for all three URLs "work," by that there are no error > messages, no 403 or 404. > > Typing the URL's for two result in correct results. > > Typing in the URL for the third displays one of the other sites. This NEVER > HAPPENED until modsecurity was installed. > > > > I am lost and don't even know where to look. > > > > [Wed Dec 05 11:31:38.000649 2018] [:notice] [pid 6194] ModSecurity for > Apache/2.9.0 (http://www.modsecurity.org/) configured. > > [Wed Dec 05 11:31:38.000852 2018] [:notice] [pid 6194] ModSecurity: APR > compiled version="1.5.1"; loaded version="1.5.2" > > [Wed Dec 05 11:31:38.000864 2018] [:warn] [pid 6194] ModSecurity: Loaded APR > do not match with compiled! > > [Wed Dec 05 11:31:38.000876 2018] [:notice] [pid 6194] ModSecurity: PCRE > compiled version="8.35 "; loaded version="8.41 2017-07-05" > > [Wed Dec 05 11:31:38.000901 2018] [:warn] [pid 6194] ModSecurity: Loaded > PCRE do not match with compiled! > > [Wed Dec 05 11:31:38.000910 2018] [:notice] [pid 6194] ModSecurity: LUA > compiled version="Lua 5.1" > > [Wed Dec 05 11:31:38.000919 2018] [:notice] [pid 6194] ModSecurity: YAJL > compiled version="2.1.0" > > [Wed Dec 05 11:31:38.000928 2018] [:notice] [pid 6194] ModSecurity: LIBXML > compiled version="2.9.2" > > [Wed Dec 05 11:31:38.001043 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call: "2.9.0,Apache/2.4.18 (Ubuntu),1.5.1/1.5.2,8.35/8.41 > 2017-07-05,Lua 5.1,2.9.2,139cd0575fbb1eb666d44f3080f7c68a40ce8da9" > > [Wed Dec 05 11:31:38.238158 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call successfully sent. For more information visit: > http://status.modsecurity.org/ > > [Wed Dec 05 11:31:39.010423 2018] [mpm_prefork:notice] [pid 6195] AH00163: > Apache/2.4.18 (Ubuntu) configured -- resuming normal operations > > [Wed Dec 05 11:31:39.010518 2018] [core:notice] [pid 6195] AH00094: Command > line: '/usr/sbin/apache2' > > > > Here are the contents of the two virtual host files which are at issues. > > > > <VirtualHost www.gensanexpat.org:80> > > ServerAdmin mi...@ne... > > ServerName www.gensanexpat.org > > NameVirtualHost www.gensanexpat.org > > ServerAlias gensanexpat.org > > DocumentRoot /var/www/html/gensan > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/gensan.log combined > > </VirtualHost> > > > > <VirtualHost www.netwright.net:80> > > ServerAdmin mi...@ne... > > ServerName www.netwright.net > > NameVirtualHost www.netwright.net > > ServerAlias netwright.net > > DocumentRoot /var/www/html > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/nw.log combined > > </VirtualHost> > > > > AND here is the contents of the nw.log file! > > my@FamilyServer /var/log/apache2 # cat nw.log > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET / HTTP/1.1" 200 967 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 476 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT > 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 > Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET / HTTP/1.1" 200 966 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 475 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows NT > 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 > Safari/537.36" > > > > =========================== > > Michael "Mike" Lieberman | <http://lieberman.blog.netwright.net:7080/> Blog > > Purok 13, Morales Subd. > Brgy Mabuhay, General Santos City, 9500 Philippines > <https://map.what3words.com/overexposed.pedestals.rakes> See MAP > > Cell: <tel:%2B63%20%28917%29%20358-1442> +63 (917) 311-0674 (Voice and > Text) > LandLine: <tel:%2B63%20%2883%29%20552-1153> +63 (083) 887-2154 (Voice > Only) > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
Re: [mod-security-users] NEWBIE to modsecurity... No error messaged
BUT the wrong site is displayed.
From: Mike L. <mi...@ne...> - 2018-12-05 05:34:23
|
Hi Christian, This is a plain vanilla install. I have not set up any rules yet. I just wanted to get it installed and make sure all was running. I checked on PRCE issue and found this: We have run into the same issue. It is because we have installed php and apache from ppa.launchpad.net/ondrej/php/ubuntu repository and it comes with libpcre3 Version: 2:8.41-4+ubuntu16.04.1+deb.sury.org+1 I don't now if PCRE 8.41 instead of 8.38 is a struggle for modsecurity, but it seems to work fine. As we can't downgrade PCRE, because of dependencies from PPA repository, we will go with this warning until we realize some real issues with modsecurity - Stephan Oct 27 at 10:00 I checked on the APR issue and found this from Apache: That does not matter/harm, no API change between APR 1.5.1 and 1.5.2. The tutorial you mentioned is not how modsecurity installs in Ubuntu and Mint. Even simple things such as httpd.conf is different and is replaced with /etc/apache2/apache2.conf. The packages are installed via apt and "make" and related issues are not dealt with. The dpkg process establishes user ownership and much else. To that extent, exactly where this tutorial fits in is unclear to me. Still scratching my head. Mike -----Original Message----- From: Christian Folini [mailto:chr...@ne...] Sent: Wednesday, December 5, 2018 1:00 PM To: mod...@li... Subject: Re: [mod-security-users] NEWBIE to modsecurity... No error messaged BUT the wrong site is displayed. Hey Mike, Now should there be any log/error messages? Do you have any rules installed at all? Also: The messages that you sent show an incompatibility problem with APR and PCRE. This is an issue and you should fix it. Feeling lost, you may want to turn to the tutorials at <https://netnea.com/apache-tutorials/> https://netnea.com/apache-tutorials/ They provide you with a step by step introduction to ModSecurity. You do not need to follow the self-compilation approach of the tutorials. But the first examples will at least tell you what to expect in the log files. Good luck, Christian On Wed, Dec 05, 2018 at 12:32:06PM +0800, Mike Lieberman wrote: > I have an apache2 install and have had three virtual hosts running on > the site successfully for other three years. > > I installed modsecurity on Linux Mint 18.3.. > > THERE ARE NO error messages. > > > > my@FamilyServer /var/log/apache2 # apachectl -M | grep --color > security > > security2_module (shared) > > > > The mode security log shows no errors. > > > > The apache2 error log does show an error, but I had read it is not a > problem. See log snippet below in this email. > > There are three virtual host config files... identical in > sites-available and sites allowed. > > http requests for all three URLs "work," by that there are no error > messages, no 403 or 404. > > Typing the URL's for two result in correct results. > > Typing in the URL for the third displays one of the other sites. This > NEVER HAPPENED until modsecurity was installed. > > > > I am lost and don't even know where to look. > > > > [Wed Dec 05 11:31:38.000649 2018] [:notice] [pid 6194] ModSecurity for > Apache/2.9.0 ( <http://www.modsecurity.org/> http://www.modsecurity.org/) configured. > > [Wed Dec 05 11:31:38.000852 2018] [:notice] [pid 6194] ModSecurity: > APR compiled version="1.5.1"; loaded version="1.5.2" > > [Wed Dec 05 11:31:38.000864 2018] [:warn] [pid 6194] ModSecurity: > Loaded APR do not match with compiled! > > [Wed Dec 05 11:31:38.000876 2018] [:notice] [pid 6194] ModSecurity: > PCRE compiled version="8.35 "; loaded version="8.41 2017-07-05" > > [Wed Dec 05 11:31:38.000901 2018] [:warn] [pid 6194] ModSecurity: > Loaded PCRE do not match with compiled! > > [Wed Dec 05 11:31:38.000910 2018] [:notice] [pid 6194] ModSecurity: > LUA compiled version="Lua 5.1" > > [Wed Dec 05 11:31:38.000919 2018] [:notice] [pid 6194] ModSecurity: > YAJL compiled version="2.1.0" > > [Wed Dec 05 11:31:38.000928 2018] [:notice] [pid 6194] ModSecurity: > LIBXML compiled version="2.9.2" > > [Wed Dec 05 11:31:38.001043 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call: "2.9.0,Apache/2.4.18 (Ubuntu),1.5.1/1.5.2,8.35/8.41 > 2017-07-05,Lua 5.1,2.9.2,139cd0575fbb1eb666d44f3080f7c68a40ce8da9" > > [Wed Dec 05 11:31:38.238158 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call successfully sent. For more information visit: > <http://status.modsecurity.org/> http://status.modsecurity.org/ > > [Wed Dec 05 11:31:39.010423 2018] [mpm_prefork:notice] [pid 6195] AH00163: > Apache/2.4.18 (Ubuntu) configured -- resuming normal operations > > [Wed Dec 05 11:31:39.010518 2018] [core:notice] [pid 6195] AH00094: > Command > line: '/usr/sbin/apache2' > > > > Here are the contents of the two virtual host files which are at issues. > > > > <VirtualHost <http://www.gensanexpat.org:80> www.gensanexpat.org:80> > > ServerAdmin <mailto:mi...@ne...> mi...@ne... > > ServerName <http://www.gensanexpat.org> www.gensanexpat.org > > NameVirtualHost <http://www.gensanexpat.org> www.gensanexpat.org > > ServerAlias gensanexpat.org > > DocumentRoot /var/www/html/gensan > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/gensan.log combined > > </VirtualHost> > > > > <VirtualHost <http://www.netwright.net:80> www.netwright.net:80> > > ServerAdmin <mailto:mi...@ne...> mi...@ne... > > ServerName <http://www.netwright.net> www.netwright.net > > NameVirtualHost <http://www.netwright.net> www.netwright.net > > ServerAlias netwright.net > > DocumentRoot /var/www/html > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/nw.log combined > > </VirtualHost> > > > > AND here is the contents of the nw.log file! > > my@FamilyServer /var/log/apache2 # cat nw.log > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET / HTTP/1.1" 200 967 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, > like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 476 " <http://www.gensanexpat.org/> http://www.gensanexpat.org/" "Mozilla/5.0 (Windows > NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET / HTTP/1.1" 200 966 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, > like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 475 " <http://www.gensanexpat.org/> http://www.gensanexpat.org/" "Mozilla/5.0 (Windows > NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/71.0.3578.80 Safari/537.36" > > > > =========================== > > Michael "Mike" Lieberman | > < <http://lieberman.blog.netwright.net:7080/> http://lieberman.blog.netwright.net:7080/> Blog > > Purok 13, Morales Subd. > Brgy Mabuhay, General Santos City, 9500 Philippines > < <https://map.what3words.com/overexposed.pedestals.rakes> https://map.what3words.com/overexposed.pedestals.rakes> See MAP > > Cell: < <tel:%2B63%20%28917%29%20358-1442> tel:%2B63%20%28917%29%20358-1442> +63 (917) 311-0674 (Voice > and > Text) > LandLine: < <tel:%2B63%20%2883%29%20552-1153> tel:%2B63%20%2883%29%20552-1153> +63 (083) 887-2154 (Voice > Only) > > _______________________________________________ > mod-security-users mailing list > <mailto:mod...@li...> mod...@li... > <https://lists.sourceforge.net/lists/listinfo/mod-security-users> https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > <http://www.modsecurity.org/projects/commercial/rules/> http://www.modsecurity.org/projects/commercial/rules/ > <http://www.modsecurity.org/projects/commercial/support/> http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list <mailto:mod...@li...> mod...@li... <https://lists.sourceforge.net/lists/listinfo/mod-security-users> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: <http://www.modsecurity.org/projects/commercial/rules/> http://www.modsecurity.org/projects/commercial/rules/ <http://www.modsecurity.org/projects/commercial/support/> http://www.modsecurity.org/projects/commercial/support/ |
|
Re: [mod-security-users] NEWBIE to modsecurity... No error messaged
BUT the wrong site is displayed.
From: Mike L. <mi...@ne...> - 2018-12-05 06:38:47
|
The matter has been resolved by moving the problem website to a different folder... not sure why that matters... but it is now working. -----Original Message----- From: Christian Folini [mailto:chr...@ne...] Sent: Wednesday, December 5, 2018 1:00 PM To: mod...@li... Subject: Re: [mod-security-users] NEWBIE to modsecurity... No error messaged BUT the wrong site is displayed. Hey Mike, Now should there be any log/error messages? Do you have any rules installed at all? Also: The messages that you sent show an incompatibility problem with APR and PCRE. This is an issue and you should fix it. Feeling lost, you may want to turn to the tutorials at https://netnea.com/apache-tutorials/ They provide you with a step by step introduction to ModSecurity. You do not need to follow the self-compilation approach of the tutorials. But the first examples will at least tell you what to expect in the log files. Good luck, Christian On Wed, Dec 05, 2018 at 12:32:06PM +0800, Mike Lieberman wrote: > I have an apache2 install and have had three virtual hosts running on > the site successfully for other three years. > > I installed modsecurity on Linux Mint 18.3.. > > THERE ARE NO error messages. > > > > my@FamilyServer /var/log/apache2 # apachectl -M | grep --color > security > > security2_module (shared) > > > > The mode security log shows no errors. > > > > The apache2 error log does show an error, but I had read it is not a > problem. See log snippet below in this email. > > There are three virtual host config files... identical in > sites-available and sites allowed. > > http requests for all three URLs "work," by that there are no error > messages, no 403 or 404. > > Typing the URL's for two result in correct results. > > Typing in the URL for the third displays one of the other sites. This > NEVER HAPPENED until modsecurity was installed. > > > > I am lost and don't even know where to look. > > > > [Wed Dec 05 11:31:38.000649 2018] [:notice] [pid 6194] ModSecurity for > Apache/2.9.0 (http://www.modsecurity.org/) configured. > > [Wed Dec 05 11:31:38.000852 2018] [:notice] [pid 6194] ModSecurity: > APR compiled version="1.5.1"; loaded version="1.5.2" > > [Wed Dec 05 11:31:38.000864 2018] [:warn] [pid 6194] ModSecurity: > Loaded APR do not match with compiled! > > [Wed Dec 05 11:31:38.000876 2018] [:notice] [pid 6194] ModSecurity: > PCRE compiled version="8.35 "; loaded version="8.41 2017-07-05" > > [Wed Dec 05 11:31:38.000901 2018] [:warn] [pid 6194] ModSecurity: > Loaded PCRE do not match with compiled! > > [Wed Dec 05 11:31:38.000910 2018] [:notice] [pid 6194] ModSecurity: > LUA compiled version="Lua 5.1" > > [Wed Dec 05 11:31:38.000919 2018] [:notice] [pid 6194] ModSecurity: > YAJL compiled version="2.1.0" > > [Wed Dec 05 11:31:38.000928 2018] [:notice] [pid 6194] ModSecurity: > LIBXML compiled version="2.9.2" > > [Wed Dec 05 11:31:38.001043 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call: "2.9.0,Apache/2.4.18 (Ubuntu),1.5.1/1.5.2,8.35/8.41 > 2017-07-05,Lua 5.1,2.9.2,139cd0575fbb1eb666d44f3080f7c68a40ce8da9" > > [Wed Dec 05 11:31:38.238158 2018] [:notice] [pid 6194] ModSecurity: > StatusEngine call successfully sent. For more information visit: > http://status.modsecurity.org/ > > [Wed Dec 05 11:31:39.010423 2018] [mpm_prefork:notice] [pid 6195] AH00163: > Apache/2.4.18 (Ubuntu) configured -- resuming normal operations > > [Wed Dec 05 11:31:39.010518 2018] [core:notice] [pid 6195] AH00094: > Command > line: '/usr/sbin/apache2' > > > > Here are the contents of the two virtual host files which are at issues. > > > > <VirtualHost www.gensanexpat.org:80> > > ServerAdmin mi...@ne... > > ServerName www.gensanexpat.org > > NameVirtualHost www.gensanexpat.org > > ServerAlias gensanexpat.org > > DocumentRoot /var/www/html/gensan > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/gensan.log combined > > </VirtualHost> > > > > <VirtualHost www.netwright.net:80> > > ServerAdmin mi...@ne... > > ServerName www.netwright.net > > NameVirtualHost www.netwright.net > > ServerAlias netwright.net > > DocumentRoot /var/www/html > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/nw.log combined > > </VirtualHost> > > > > AND here is the contents of the nw.log file! > > my@FamilyServer /var/log/apache2 # cat nw.log > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET / HTTP/1.1" 200 967 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, > like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:56 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 476 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows > NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET / HTTP/1.1" 200 966 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, > like > Gecko) Chrome/71.0.3578.80 Safari/537.36" > > 192.168.1.73 - - [05/Dec/2018:12:21:57 +0800] "GET /favicon.ico?v=2 > HTTP/1.1" 200 475 "http://www.gensanexpat.org/" "Mozilla/5.0 (Windows > NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/71.0.3578.80 Safari/537.36" > > > > =========================== > > Michael "Mike" Lieberman | > <http://lieberman.blog.netwright.net:7080/> Blog > > Purok 13, Morales Subd. > Brgy Mabuhay, General Santos City, 9500 Philippines > <https://map.what3words.com/overexposed.pedestals.rakes> See MAP > > Cell: <tel:%2B63%20%28917%29%20358-1442> +63 (917) 311-0674 (Voice > and > Text) > LandLine: <tel:%2B63%20%2883%29%20552-1153> +63 (083) 887-2154 (Voice > Only) > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
