SecRule and mod_security2
Anybody know how to get SecRule to work with mod_security2.c? I kept on getting this error message when I start my apache-2.2.3 server:

    ...
    [truong@gendev-lnx 2.2.3]$ ./restart
    Syntax error on line 41 of /home/truong/apache/2.2.3/conf/hole/mod_security2.conf:
    Internal Error: Failed to add rule to the ruleset.
    httpd not running, trying to start
    ...

And here is line 41 of my mod_security.conf file:

    ...
    39 # Turn on Rule Engine
    40 SecRuleEngine On
    41 SecRule REQUEST_URI dirty
    ...

Is there something I have to turn on (e.g. SecFilterEngine On)? Thanks for your help. - Monica |
What's it say with SecDebugLog on and SecDebugLogLevel set to 9? |
Yes, indeed. Here is my security_config file:

    <IfModule mod_security2.c>
    # Maximum request body size we will
    # accept for buffering
    SecRequestBodyAccess On
    SecRequestBodyLimit 131072
    # Store up to 128 KB in memory
    SecRequestBodyInMemoryLimit 131072
    # Buffer response bodies of up to
    # 512 KB in length
    SecResponseBodyAccess Off
    SecResponseBodyLimit 524288
    # Debug log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 9
    # The audit engine works independently and
    # can be turned On or Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    # The name of the audit log file
    SecAuditLog logs/modsec_audit.log
    # Default action set
    SecDefaultAction "deny,log,auditlog,status:403"
    # Turn on Rule Engine
    SecRuleEngine On
    SecRule REQUEST_URI dirty
    </IfModule>

Thus, nothing ever got written to my audit logfile. Thanks for your help. - Monica |
Yes, indeed.
No, I mean what does *modsec_debug.log* say? Anyway. With httpd-2.0.46-61 (CentOS) and modsecurity-apache2-2.0.2 (RHEL), modsecurity.conf gets sourced from /etc/httpd/conf.d/ and the modsecurity2 rules are in /etc/httpd/conf.d/modsecurity2/. I added a line "SecRule REQUEST_URI|QUERY_STRING dirty" at the bottom of modsecurity.conf and tripped it with "http://localhost/dirty.rpm" all right. Notice my modsecurity.conf starts with "SecRuleEngine On" and not at the bottom: Code:
# Basic configuration options |
Hello, thanks for your help. By moving the 'SecRuleEngine On' to the top of the configuration file, it works! Apache's error message is so misguided, I would not have guessed it.
Thanks so much for your help. - Monica |
Hello, since you are an expert in this topic, do you know what is the equivalent of this:
SecFilterSelective "POST_PAYLOAD" "(poker|gambling|casio)" in mod_security2? Thanks |
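The following configuration is an added example, not posted by anyone in this thread, that pulls together the two points discussed above: it puts SecRuleEngine On at the top of the mod_security2 block before any SecRule (the fix Monica found), and it shows the ModSecurity 2 form of the 1.x directive SecFilterSelective "POST_PAYLOAD" "(poker|gambling|casio)" asked about in the last post. It assumes ModSecurity 2.x directive syntax; in 2.x the 1.x location POST_PAYLOAD corresponds to the REQUEST_BODY variable, and request bodies are only inspected when SecRequestBodyAccess is On. The id values and msg strings are constructed for the example (ModSecurity 2.7 and later require every rule to carry an id; older 2.0.x builds accept it as optional metadata). The regex is quoted exactly as written in the question.

```apache
<IfModule mod_security2.c>
    # Enable the rule engine before any SecRule is declared
    SecRuleEngine On

    # Request bodies must be buffered for REQUEST_BODY / ARGS_POST
    # to be available to rules (phase 2)
    SecRequestBodyAccess On
    SecRequestBodyLimit 131072
    SecRequestBodyInMemoryLimit 131072

    # Debug log at level 9 shows rule compilation and every match attempt;
    # use it to see why a rule does or does not fire
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 9

    # Audit log, as in the thread: record only requests ending in a 5xx status
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog logs/modsec_audit.log

    # Default action for rules that do not specify their own actions
    SecDefaultAction "phase:2,deny,log,auditlog,status:403"

    # The thread's REQUEST_URI test, with explicit phase and actions;
    # a bare second argument is a regular expression (@rx is the default operator)
    SecRule REQUEST_URI "dirty" \
        "id:100001,phase:1,deny,log,status:403,msg:'dirty found in request URI'"

    # ModSecurity 2 equivalent of:
    #   SecFilterSelective "POST_PAYLOAD" "(poker|gambling|casio)"
    # POST_PAYLOAD became REQUEST_BODY; the raw body is only complete in phase 2
    SecRule REQUEST_BODY "(poker|gambling|casio)" \
        "id:100002,phase:2,deny,log,status:403,msg:'blocked term in POST body'"

    # Same check against the parsed POST parameters (urlencoded form fields),
    # which is usually what the 1.x rule was meant to catch
    SecRule ARGS_POST "(poker|gambling|casio)" \
        "id:100003,phase:2,deny,log,status:403,msg:'blocked term in POST parameter'"
</IfModule>
```

A quick way to confirm the ordering point from the thread is to move SecRuleEngine On below the SecRule lines and restart: the "Failed to add rule to the ruleset" error reported above is what you look for. With the engine enabled first, a blocked request shows up as a 403 in the access log and as a rule match in modsec_debug.log at level 9.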