|
From: Sven K. <ce...@gm...> - 2005-10-26 08:44:39
|
I am trying to use Apache as as reverse proxy and I host some PHP-based CMS sites for a couple of users. I also would like to use mod_security as a web firewall to fend off attacks. I have had clashes with the problems current "production" Apache versions have. Reverse proxying doesn't work at all like it should, users are getting redirected to each other pages after trying to log in to theis sites etc. Reverse proxying works fine with the newest beta version of Apache (2.1.8). But even after lot of testing, I am unable to get the newest mod_security to work properly. The problem is with having large rulesets. I would like to know how I could use the rules I get from here: http://www.gotroot.com/mod_security+rules This far I have tried the Include directives and copying the rules with sed. Still no luck. I have mod_security rules in a separate part of httpd.conf, between <IfModule..> directives in global scope and users' reverse proxy directives are inside a separate <VirtualServer..> . For setting up mod_security inside the <IfModule...> directive I have followed this guide: http://www.gotroot.com/tiki-index.php?page=3DSetup+of+mod_security I have not had the chance to try the version 1.8.7 in Apache 2.1.8 because it won't compile - I get errors. |
|
From: Ivan R. <iv...@we...> - 2005-10-26 16:39:04
|
Sven Kauber wrote: > Hi Sven, > The problem is with having large rulesets. I would like to know how I > could use the rules I get from here: > http://www.gotroot.com/mod_security+rules This far I have tried the > Include directives and copying the rules with sed. Still no luck. I > have mod_security rules in a separate part of httpd.conf, between > <IfModule..> directives in global scope and users' reverse proxy > directives are inside a separate <VirtualServer..> . For setting up > mod_security inside the <IfModule...> directive I have followed this > guide: http://www.gotroot.com/tiki-index.php?page=Setup+of+mod_security I am afraid I don't understand what the problem is. What results are you expecting that you are not getting? Can you get any rule to work, or do you have problems specifically with the rules from gotroot? > I have not had the chance to try the version 1.8.7 in Apache 2.1.8 > because it won't compile - I get errors. ModSecurity 1.8.7 doesn't work with Apache 2.1.x - they're not compatible. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
|
From: Sven K. <ce...@gm...> - 2005-10-28 06:28:23
|
Hi Ivan! What I meant was that it seemed to me that no rule was loaded at all when I loaded all those rules from here http://www.gotroot.com/mod_security+rules. Here is the mod_security configuration I am using: <IfModule mod_security.c> SecFilterEngine On . . .the rules directly from http://www.gotroot.com/tiki-index.php?page=3DSetup+of+mod_security . . . #First, add in your exclusion rules: #These MUST come first! Include /etc/modsecurity/exclude.conf #Application protection rules Include /etc/modsecurity/rules.conf #Comment spam rules Include /etc/modsecurity/blacklist.conf #Bad hosts, bad proxies and other bad players Include /etc/modsecurity/blacklist2.conf #Bad clients, known bogus useragents and other signs of malware Include /etc/modsecurity/useragents.conf #Known bad software, rootkits and other malware Include /etc/modsecurity/rootkits.conf #Signatures to prevent proxying through your server #only rule these rules if your server is NOT a proxy Include /etc/modsecurity/proxy.conf #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x Include /etc/modsecurity/apache2-rules.conf </IfModule> With this configuration when I try for example to enter this: http://myhost.com/bin/nasm the server sends 404 error instead of error 500 like it should. But when I add this: SecFilterSelective THE_REQUEST "bin/nasm" right before the Include directives I will get the 500 error. Sven On 10/26/05, Ivan Ristic <iv...@we...> wrote: > Sven Kauber wrote: > > > > Hi Sven, > > > > The problem is with having large rulesets. I would like to know how I > > could use the rules I get from here: > > http://www.gotroot.com/mod_security+rules This far I have tried the > > Include directives and copying the rules with sed. Still no luck. I > > have mod_security rules in a separate part of httpd.conf, between > > <IfModule..> directives in global scope and users' reverse proxy > > directives are inside a separate <VirtualServer..> . For setting up > > mod_security inside the <IfModule...> directive I have followed this > > guide: http://www.gotroot.com/tiki-index.php?page=3DSetup+of+mod_securi= ty > > I am afraid I don't understand what the problem is. What results > are you expecting that you are not getting? Can you get any rule > to work, or do you have problems specifically with the rules from > gotroot? > > > > I have not had the chance to try the version 1.8.7 in Apache 2.1.8 > > because it won't compile - I get errors. > > ModSecurity 1.8.7 doesn't work with Apache 2.1.x - they're not > compatible. > > -- > Ivan Ristic > Apache Security (O'Reilly) - http://www.apachesecurity.net > Open source web application firewall - http://www.modsecurity.org > |
|
From: Ivan R. <iv...@we...> - 2005-10-28 08:26:12
|
Sven Kauber wrote: > Hi Ivan! > > What I meant was that it seemed to me that no rule was loaded at all Hi Sven, You have uncovered a bug in ModSecurity 1.9RC1 (stable releases are fine), related to chain actions. I will fix it over the weekend. Thanks! -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
|
From: Sven K. <ce...@gm...> - 2005-10-28 09:50:57
|
Great! Thank you! Sven > You have uncovered a bug in ModSecurity 1.9RC1 (stable releases are > fine), related to chain actions. I will fix it over the weekend. > |
