Thread: [mod-security-users] Unsubscribe
From: Michael W. <WH...@wa...> - 2010-07-29 17:11:36
|
Please unsubscribe from this email list, as I am retiring and won't have any need. Thanks for the help.

Michael Wheeler

>>> <mod...@li...> 7/29/2010 7:14 AM >>>

Send mod-security-users mailing list submissions to
    mod...@li...

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/mod-security-users
or, via email, send a message with subject or body 'help' to
    mod...@li...

You can reach the person managing the list at
    mod...@li...

When replying, please edit your Subject line so it is more specific than "Re: Contents of mod-security-users digest..."

Today's Topics:

1. Setting collection variables from Lua (Jamuse)
2. Stepping Down From the ModSecurity Team (Brian Rectanus)
3. Re: Stepping Down From the ModSecurity Team (Sergio)
4. Help with transition from "old" ModSecurity? (th...@pr...)
5. Re: Help with transition from "old" ModSecurity? (Jason Haar)
6. Re: Help with transition from "old" ModSecurity? (th...@pr...)
7. UNSUBSCRIBE (Nagesh Cherukuri)
8. mod_unique_id for ModSecurity (ja...@je...)

----------------------------------------------------------------------

Message: 1
Date: Thu, 22 Jul 2010 22:23:43 +0300
From: Jamuse <ja...@gm...>
Subject: [mod-security-users] Setting collection variables from Lua
To: mod...@li...

Is there a way to set a collection variable from a Lua script? Perhaps something like m.setvar.

Alternatively, can I return the value I want to set in a collection value to modsec and use the rules language to set a collection variable?

Thanks

--
- Josh

------------------------------

Message: 2
Date: Fri, 23 Jul 2010 09:16:54 -0700
From: Brian Rectanus <bre...@gm...>
Subject: [mod-security-users] Stepping Down From the ModSecurity Team
To: mod...@li..., mod...@li..., mod...@li...

All,

I wanted to let everyone know that today is my last day working for Breach Security/Trustwave and I am stepping down from my role in ModSecurity. Trustwave's Spider Labs will be continuing the ModSecurity project. Please see my blog...

http://blog.modsecurity.org/2010/07/modsecurity-has-a-new-home.html

It has been fantastic working with everyone in the community and I look forward to continuing, just with a different role.

-B

------------------------------

Message: 3
Date: Fri, 23 Jul 2010 16:03:33 -0600
From: Sergio <se...@gm...>
Subject: Re: [mod-security-users] Stepping Down From the ModSecurity Team
To: Brian Rectanus <bre...@gm...>
Cc: mod...@li..., mod...@li..., mod...@li...

Good luck and thank you for your support when I needed.

Best Regards,

Sergio Cabrera

On Fri, Jul 23, 2010 at 10:16 AM, Brian Rectanus <bre...@gm...> wrote:

> All,
>
> I wanted to let everyone know that today is my last day working for
> Breach Security/Trustwave and I am stepping down from my role in
> ModSecurity. Trustwave's Spider Labs will be continuing the
> ModSecurity project. Please see my blog...
>
> http://blog.modsecurity.org/2010/07/modsecurity-has-a-new-home.html
>
> It has been fantastic working with everyone in the community and I
> look forward to continuing, just with a different role.
>
> -B

------------------------------

Message: 4
Date: Wed, 28 Jul 2010 00:17:00 +0000
From: th...@pr...
Subject: [mod-security-users] Help with transition from "old" ModSecurity?
To: mod...@li...

Hello,

I am now running ModSec 2.5.11 with CRS 2.0.7 on a Debian Lenny. I used ModSec before, when "it was different", i.e. version 2.1.1 or something, when there was no "scoring" and similar things implemented.

I am struggling with messages like

    ModSecurity: Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file "/etc/apache2/modsecurity_crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "35"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5, SQLi=, XSS=):

when my /etc/apache2/modsecurity_crs/modsecurity_crs_10_config.conf says this:

    SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20"

I am having similar problems with tx.max_num_args and such. I just cannot set these variables for some reason.

Can you please point me in the right direction?

Cheers
Thomas

------------------------------

Message: 5
Date: Wed, 28 Jul 2010 14:29:35 +1200
From: Jason Haar <Jas...@tr...>
Subject: Re: [mod-security-users] Help with transition from "old" ModSecurity?
To: mod...@li...

On 07/28/2010 12:17 PM, th...@pr... wrote:
> SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20"
>
> I am having similar problems with tx.max_num_args and such. I just
> cannot set these variables for some reason.

I got hit by the same issue - I'm guessing you didn't replace modsecurity_crs_10_config.conf with the new one. The scoring system is fundamentally different, so you need to start from scratch again. Move all the old rules out, install the current version, and then edit the "fresh" modsecurity_crs_10_config.conf, modsecurity_local.conf, etc. to match your old versions.

Hope that helps

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

------------------------------

Message: 6
Date: Wed, 28 Jul 2010 22:12:58 +0000
From: th...@pr...
Subject: Re: [mod-security-users] Help with transition from "old" ModSecurity?
To: mod...@li...

Jason,

Quoting Jason Haar <Jas...@tr...>:

> On 07/28/2010 12:17 PM, th...@pr... wrote:
>> SecAction
>> "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20"
>>
>> I am having similar problems with tx.max_num_args and such. I just
>> cannot set these variables for some reason.
>
> I got hit by the same issue - I'm guessing you didn't replace
> modsecurity_crs_10_config.conf with the new one. The scoring system is
> fundamentally different, so you need to start from scratch again. Move
> all the old rules out, install the current version, and then edit the
> "fresh" modsecurity_crs_10_config.conf, modsecurity_local.conf, etc. to
> match your old versions.

I have a completely fresh setup, just from scratch. I tried now different things. I enabled debug logging level 9 - the config is actually read and the variables are read. I put my SecDefaultAction back to the default, i.e. pass. I enabled the other rules now for num_args for example and I have more warnings in the log now, but it doesn't show that the values I am setting are actually active.

Many thanks anyway.

Thomas

------------------------------

Message: 7
Date: Wed, 28 Jul 2010 15:38:10 -0700
From: Nagesh Cherukuri <nch...@wa...>
Subject: [mod-security-users] UNSUBSCRIBE
To: "mod...@li..." <mod...@li...>

-----Original Message-----
From: th...@pr... [mailto:th...@pr...]
Sent: Wednesday, July 28, 2010 3:13 PM
To: mod...@li...
Subject: Re: [mod-security-users] Help with transition from "old" ModSecurity?

Jason,

Quoting Jason Haar <Jas...@tr...>:

> On 07/28/2010 12:17 PM, th...@pr... wrote:
>> SecAction
>> "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20"
>>
>> I am having similar problems with tx.max_num_args and such. I just
>> cannot set these variables for some reason.
>
> I got hit by the same issue - I'm guessing you didn't replace
> modsecurity_crs_10_config.conf with the new one. The scoring system is
> fundamentally different, so you need to start from scratch again. Move
> all the old rules out, install the current version, and then edit the
> "fresh" modsecurity_crs_10_config.conf, modsecurity_local.conf, etc. to
> match your old versions.

I have a completely fresh setup, just from scratch. I tried now different things. I enabled debug logging level 9 - the config is actually read and the variables are read. I put my SecDefaultAction back to the default, i.e. pass. I enabled the other rules now for num_args for example and I have more warnings in the log now, but it doesn't show that the values I am setting are actually active.

Many thanks anyway.

Thomas

------------------------------

Message: 8
Date: Thu, 29 Jul 2010 21:58:42 +0800
From: ja...@je...
Subject: [mod-security-users] mod_unique_id for ModSecurity
To: mod...@li...

Hi all,

I am now installing ModSecurity 2.5.12 to my Apache 2.2.16. I know that mod_unique_id is needed, but I can't find it in my Apache. Where can I find it? Should mod_unique_id be packaged with Apache? Do I need to download it or compile it myself?

Many thanks~~

Jay

------------------------------

End of mod-security-users Digest, Vol 50, Issue 10
**************************************************
|
From: David F. <Da...@me...> - 2010-07-29 23:20:09
|
I was looking at the documentation today for the first time in ages, and noticed the entry for SecChrootDir makes this feature look a lot less useful than it is.

There's a list of 3 things which are likely to cause problems, but no hints about the fixes. Could the hints be added to help people use this feature?

1) DNS lookups do not work (this is because this feature requires a shared library that is loaded on demand, after chroot takes place).
Solution: place copies of the required libraries within the chroot, this is likely to include libnss_dns, libnss_files, libresolv.

2) You cannot send email from PHP because it uses sendmail and sendmail is outside the jail.
Solution: Run a local mailserver, and get PHP to connect to it via a network port.

Regards,

David.

-----------------------------
Email: Da...@me...
Online galleries & photos: http://www.megapico.co.uk/gallery/
-----------------------------
|
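The library check from David's first solution, as an added example that is not part of the original thread: a POSIX shell function that lists which of the three on-demand resolver libraries have no usable copy inside a chroot tree. The function name and the directories searched are assumptions; a dangling symlink is treated as a missing library.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the ModSecurity docs).
# chroot_missing_libs ROOT
#   Prints one name per resolver library that has no usable copy under ROOT.
#   Returns 0 when all three are present, 1 otherwise.
chroot_missing_libs() {
    root=${1%/}
    status=0
    for lib in libnss_dns libnss_files libresolv; do
        # These libraries are opened by soname (for example libnss_dns.so.2)
        # only when the first lookup happens, i.e. after chroot(), so the
        # soname must exist inside the jail. Multiarch subdirectories such as
        # lib/x86_64-linux-gnu are covered because find recurses.
        # "test -f" follows symlinks, so a link whose target was not copied
        # into the jail does not count as present.
        hit=$(find "$root/lib" "$root/lib64" "$root/usr/lib" "$root/usr/lib64" \
                   -name "$lib.so.*" -exec test -f {} \; -print 2>/dev/null |
              head -n 1)
        if [ -z "$hit" ]; then
            echo "$lib"
            status=1
        fi
    done
    return "$status"
}

# Stand-alone use: sh check_chroot_libs.sh /path/to/chroot
if [ "$#" -gt 0 ]; then
    chroot_missing_libs "$1" || echo "missing from $1 (listed above)" >&2
fi
```

The check is run from outside the jail, so a symlink with an absolute target is resolved against the host filesystem; relative links or plain copies inside the chroot avoid that ambiguity.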
From: Brian R. <bre...@gm...> - 2010-08-02 21:34:15
|
On Thu, Jul 29, 2010 at 3:30 PM, David Fletcher <Da...@me...> wrote:

> I was looking at the documentation today for the first time in ages, and
> noticed the entry for SecChrootDir makes this feature look a lot less
> useful than it is.
>
> There's a list of 3 things which are likely to cause problems, but no
> hints about the fixes. Could the hints be added to help people use this
> feature?
>
> 1) DNS lookups do not work (this is because this feature requires a
> shared library that is loaded on demand, after chroot takes place).
> Solution: place copies of the required libraries within the chroot, this
> is likely to include libnss_dns, libnss_files, libresolv.
>
> 2) You cannot send email from PHP because it uses sendmail and sendmail
> is outside the jail.
> Solution: Run a local mailserver, and get PHP to connect to it via a
> network port.
>
> Regards,
>
> David.
>

Actually, what it should say is *deprecated* :)

You should instead use the native support in 2.2.10 and later versions...

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#chrootdir

-B
|
From: Mike L. <mi...@ne...> - 2019-05-28 00:03:09
|
Unsubscribe