Thread: RE: [mod-security-users] mod_security causing Apache 1.3.33 to ha ng
Brought to you by:
victorhora,
zimmerletw
From: Servedio, A. (Matrix) <All...@ic...> - 2006-01-11 19:54:25
|
Hi, I compiled it with: /apachehome/bin/apxs -cia mod_security.c Against and already compiled Apache (so, SSL was already compiled into it). The above made a shared object in my libexec that I included with the LoadModule (also did the AddModule entry as specified in your install instructions). Yeah, I agree with you on the redirect. The reason that I just did the root like that is that this actually handles LOTS of domains. So, I thought just sending them back to the root was the safest way to ditch their parameters but not give them an ugly error page. Is there a better way to do that? Thanks, Allen --------------------------------------------------- Allen Servedio Internet Developer (E-Commerce) Matrix Resources Consultant --------------------------------------------------- -----Original Message----- From: Ivan Ristic [mailto:iv...@we...] Sent: Wednesday, January 11, 2006 2:47 PM To: Servedio, Allen (Matrix) Cc: 'mod...@li...' Subject: Re: [mod-security-users] mod_security causing Apache 1.3.33 to hang Servedio, Allen (Matrix) wrote: > Hi, > > I am new to using mod_security so there is a high probability that I > messed something up with my configuration. But, I am able to get Apache > to hang (consistently) while using mod_security by posting the form > below (it is from a security scanning tool, in case the values look > fishy :-) ). I would appreciate any insight as to what is causing this > to hang. If I remove mod_security the same request passes through just fine. I am unable to re-create the problem here (1.3.3 + mod_ssl 2.8.22, running on Debian 3.1). Did you compile mod_security before or after mod_ssl installation? mod_ssl for Apache 1.3.x actually patches the Apache source code and changes the API? Many modules work after the patch on Linux but I don't know about Solaris. > SecFilterDefaultAction "deny,log,redirect:/" Strictly speaking redirects should be supplied with a full URL. For example: redirect:http://www.example.com/ However, I notice that even / works and redirects the user to the root of the web site. There's nothing unusual in your configuration. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 |
From: Christopher M. <mu...@to...> - 2006-01-11 20:01:16
|
Did you run an strace on the apache process to see where it's hanging? -- Regards, -Chris _______________________________________________ Christopher Murley Network Administrator TownNews.Com 800.293.9576 Servedio, Allen (Matrix) said: > Hi, > > I compiled it with: > /apachehome/bin/apxs -cia mod_security.c > > Against and already compiled Apache (so, SSL was already compiled into > it). > > The above made a shared object in my libexec that I included with the > LoadModule (also did the AddModule entry as specified in your install > instructions). > > Yeah, I agree with you on the redirect. The reason that I just did the > root > like that is that this actually handles LOTS of domains. So, I thought > just > sending them back to the root was the safest way to ditch their parameters > but not give them an ugly error page. Is there a better way to do that? > > Thanks, > Allen > > --------------------------------------------------- > Allen Servedio > Internet Developer (E-Commerce) > Matrix Resources Consultant > --------------------------------------------------- > > > -----Original Message----- > From: Ivan Ristic [mailto:iv...@we...] > Sent: Wednesday, January 11, 2006 2:47 PM > To: Servedio, Allen (Matrix) > Cc: 'mod...@li...' > Subject: Re: [mod-security-users] mod_security causing Apache 1.3.33 to > hang > > Servedio, Allen (Matrix) wrote: >> Hi, >> >> I am new to using mod_security so there is a high probability that I >> messed something up with my configuration. But, I am able to get Apache >> to hang (consistently) while using mod_security by posting the form >> below (it is from a security scanning tool, in case the values look >> fishy :-) ). I would appreciate any insight as to what is causing this >> to hang. If I remove mod_security the same request passes through just > fine. > > I am unable to re-create the problem here (1.3.3 + mod_ssl 2.8.22, > running on Debian 3.1). > > Did you compile mod_security before or after mod_ssl installation? > mod_ssl for Apache 1.3.x actually patches the Apache source code and > changes the API? Many modules work after the patch on Linux but > I don't know about Solaris. > > >> SecFilterDefaultAction "deny,log,redirect:/" > > Strictly speaking redirects should be supplied with a full > URL. For example: redirect:http://www.example.com/ However, > I notice that even / works and redirects the user to the root > of the web site. > > There's nothing unusual in your configuration. > > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > |