mod-security-users

[mod-security-users] byterange, modules

[ms <ma...@ms...>]

=0D=0Ahi guys,

this is my first post here, so blame me for funny
english and/or stupid questions...

First: great work! mod_security rocks! I installed
a couple of proxies with it and I like it very much.

Here are my questions you can of course answer:

1. Is it (will it be) possible to have a couple of
SecFilterForceByteRange statements? For p.e. german
sites you have to allow almost the complete range
(the lower one for web forms - tab, crlf, etc and
the higher one for the special characs)? At the
moment, I have to use a lot of SecFilterSelective
statements instead.

2. Do I need certain apache modules for some
functions to work? Even with

SecFilterOutputMimeTypes "(null) text/html text/plain"

all my OUTPUT filters do not work any more. When
uncommenting this one, they work fine. I also have a
problem with the SecServerSignature statement, both
the proxy and the real servers have ServerTokens full
but the server distribution is not masked. Here is my
httpd -l:

Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_log_config.c
  mod_setenvif.c
  mod_proxy.c
  proxy_connect.c
  proxy_ftp.c
  proxy_http.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_dir.c
  mod_alias.c
  mod_so.c

I am currently using apache 2.0.48 compiled on my
OpenBSD 3.4 x86 machine, running in systrace jail.


Thanks and have fun!
mark

--=20
mark sprenk   nordring 65   63843 niedernberg
mailto:ma...@ms... pgp:tron.msnx.de/mspgpkey

Re: [mod-security-users] byterange, modules

[Ivan R. <iv...@we...>]

> 1. Is it (will it be) possible to have a couple of
> SecFilterForceByteRange statements? For p.e. german
> sites you have to allow almost the complete range
> (the lower one for web forms - tab, crlf, etc and
> the higher one for the special characs)? At the
> moment, I have to use a lot of SecFilterSelective
> statements instead.

  It will be. I have that planned for (goes away and
  looks at the plan) 1.9 dev, which should be available
  in about a month.


> 2. Do I need certain apache modules for some
> functions to work? Even with

  No.


> SecFilterOutputMimeTypes "(null) text/html text/plain"
> all my OUTPUT filters do not work any more. When
> uncommenting this one, they work fine.

  Send me your httpd.conf, a fragment of your mod_security
  debug log (set level to 9 first) and of the audit log (only for
  one request where you expect output scanning to work and it
  doesn't).


> I also have a
> problem with the SecServerSignature statement, both
> the proxy and the real servers have ServerTokens full
> but the server distribution is not masked.

  The debug log should help here too.


> I am currently using apache 2.0.48 compiled on my
> OpenBSD 3.4 x86 machine, running in systrace jail.

  And which version of mod_security? :)


-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]

[mod-security-users] Testing of rules, etc

[Jim H. <jim...@rc...>]

All,

Are there scripts available anywhere to test the basic rule sets of
mod_security? I used an aggressive Nessus test against my mod_security
installation and it came through fine.  I was hoping there is a repository
of scripts to validate/verify my installation.

TIA.
Regards,
Jim

Re: [mod-security-users] Testing of rules, etc

[Jochen B. <jo...@ro...>]

Hi!

You can find run-test.pl in the tests directory of the mod-security
tarball. The tests directory also contains about 57 example attacks you
can use with run-test.pl.

best regards,

Jochen

> All,
>=20
> Are there scripts available anywhere to test the basic rule sets of
> mod_security? I used an aggressive Nessus test against my mod_security
> installation and it came through fine.  I was hoping there is a repositor=
y
> of scripts to validate/verify my installation.
>=20
> TIA.
> Regards,
> Jim
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=3D1356&alloc_id=3D3438&op=3Dclick
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users

[mod-security-users] Rule testing question

[Jim H. <jim...@rc...>]

My rule testing is going thanks to Jochen's tip.  I am now having =
another
problem, I followed the documentation copy files and adding the =
regression
test for Apache (what I'm running).  On a few test I am receiving 500 =
series
errors (configuration error) saying 200 is required.  I saw Ivan mention
this in some of the scripts. Can anybody point me to where I can find =
what
200 is?  I have been googling for 90 minutes and haven't stumbled upon =
it.

Thanks in advance,

Jim