I'm having problems setting up mod_security on my server. Whenever I edit
the httpd.conf file with the mod_security settings my server always shows
the default action (i.e. 500, 404, etc.)
I'm thinking it is something goofed up in my setting. Could you look at this
code and let me know where I've gone wrong?
# Allow Frontpage to work
# Turn the filtering engine on or off
# Change Server: string
SecServerSignature "Microsoft-IIS/5.0 "
# Some sane defaults
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# The audit engine works independently and
# can be turned On or Off on the per-server or
# the per-directory basis. "One" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
# The name of the audit log file
# Action to take by default
# Don't accept transfer encodings we know we don't handle
SecFilterSelective "HTTP_Transfer-Encoding "!^$"
# Prevent path traversal (..) attacks
# Weaker XSS protection but allows common HTML tags
# (Commented out to work with html forums.)
# Very crude filters to prevent SQL injection attacks
# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9A-Z]*$"
From: Ivan Ristic <ivan.ristic@gm...> - 2006-08-10 20:17:12
On 8/10/06, Robert Temple <rtscruiser@...> wrote:
> I'm having problems setting up mod_security on my server. Whenever I edit
> the httpd.conf file with the mod_security settings my server always shows
> the default action (i.e. 500, 404, etc.)
> I'm thinking it is something goofed up in my setting. Could you look at this
> code and let me know where I've gone wrong?
> # Don't accept transfer encodings we know we don't handle
> SecFilterSelective "HTTP_Transfer-Encoding "!^$"
The above line is faulty. There's an extra double quote before
HTTP. Remove it and you'll be fine.
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
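
Added example, not part of the original thread: a small lint for the quoting slip identified in the reply above, run over a constructed fragment that reuses directive lines from this thread. `split_args` and `lint` are hypothetical helpers, and the tokenizer is a simplified model of quoted-argument splitting, assumed for illustration rather than taken from Apache or ModSecurity.

```python
import re
# Constructed sample built from directive lines quoted in the thread.
SAMPLE_CONF = '''\
SecFilterForceByteRange 1 255
SecFilterSelective "HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
'''

def split_args(line):
    """Split one directive line into [(text, was_quoted)]. Assumed model: a quoted
    argument ends at the next unescaped quote, a bare one at whitespace."""
    out, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == '"':
            j = i + 1
            while j < n and line[j] != '"':
                # skip a backslash-escaped character inside the quotes
                j += 2 if line[j] == "\\" and j + 1 < n else 1
            out.append((line[i + 1:j], True))
            i = j + 1
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            out.append((line[i:j], False))
            i = j
    return out

def lint(conf):
    """Return [(lineno, args, reasons)] for lines with suspicious quoting."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = split_args(line)
        reasons = []
        if len(re.findall(r'(?<!\\)"', line)) % 2:
            reasons.append("odd number of unescaped double quotes")
        reasons += ["stray quote in bare argument %r" % t
                    for t, quoted in args[1:] if not quoted and '"' in t]
        if reasons:
            findings.append((lineno, [t for t, _ in args], reasons))
    return findings
if __name__ == "__main__":
    for lineno, args, reasons in lint(SAMPLE_CONF):
        print("line %d: %s -> parsed as %r" % (lineno, "; ".join(reasons), args))
```

Under this model the extra quote moves the argument boundary: the variable name picks up a trailing space and the pattern picks up a trailing quote, which the lint reports for that line only.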