> 1.: audit_log:
> there are only a few requests inside. in the error_log are many more
> denied lines from mod_security.
> is this normal ?

Not exactly. There are a couple of lines of code there left by
mistake and they cause the audit logger not to log requests that
it judges to be "non-dynamic". The same logic was implemented
in the filtering part of the module. I decided to remove it
because the behavior was hard-coded. It will come back as part
of the v1.6 release but with a couple of configuration options
so people can turn it on and off at will.

If it bothers you, simply comment the four lines below the
comment in sec_logger.

    // ignore non-dynamic requests
    if (r->handler == NULL) {
        sec_debug_log(r, 2, "...
        return OK;
    }

I will comment the code as part of the v1.5.1 release (will be
ready in a couple of days).

> 2.: chroot apache:
> i tried to chroot apache with mod_security.
> i made is directory /chroot/apache opened httpd.conf and moved AddModule
> mod_security.c to the first line after ClearModuleList.
> i added the line:
> SecChrootDir /chroot/apache
>
> and restarted apache
> then i get this error:
> Syntax error on line 1318 of /etc/httpd/httpd.conf:
> Invalid command 'SecChrootDir', perhaps mis-spelled or defined by a
> module not included in the server configuration

Did you get the latest version from CVS? The chroot feature is
only available for Apache 1.x and in the CVS only. I will release
v1.5.1 shortly to fix some bugs and add certain enhancements to
the Apache 2.x code.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]