I'm having issues with Apache's mod_security and I can't find the cause. First of all, I've been unable to find a URL on my site that causes one of the filters to block it, and second, nothing is getting logged. I've confirmed that /var/log/httpd/modsec_log exists and its permissions are set to 644. Can someone please help? I've been troubleshooting this for days now.
Code:
# Server directory for config, error and log files.
# Relative paths used later (modules/..., conf/mime.types) resolve against it.
ServerRoot "/usr/local/apache"
# Server Options
# Connection timeout and persistent-connection (keep-alive) limits
Timeout 120
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# Prefork Server
# Process pool sizing; MaxRequestsPerChild 0 means children are never recycled
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
# Ports Available
# NOTE(review): port 443 is opened, but this listing shows no mod_ssl
# LoadModule and no *:443 virtual host, so unless SSL is configured elsewhere
# the port would answer in plain HTTP - confirm or drop the Listen line.
Listen 80
Listen 443
# Dynamic Shared Object (DSO) Support
# Only the modules listed here are loaded dynamically; keeping the list short
# reduces the attack surface.
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
# mod_security is loaded here; the <IfModule mod_security.c> section further
# down only takes effect if this load succeeds.
LoadModule security_module modules/mod_security.so
LoadModule php5_module modules/libphp5.so
# User/Group
# Unprivileged account the worker processes run as after startup
User apache
Group apache
# Server Info
# Admin contact and the main server's own name (an IP address here)
ServerAdmin root@localhost
ServerName 192.168.1.3
# Off: self-referential URLs use the host name supplied by the client
UseCanonicalName Off
# mod_security filtering rules (SecFilter* directive set).
# Everything in this section is skipped without any error message when the
# module is not active, so rule debugging should start by confirming that the
# module really is loaded in the running server.
<IfModule mod_security.c>
# Enable request filtering
SecFilterEngine On
# Reject requests whose URL encoding is not valid
SecFilterCheckURLEncoding On
# Accept only byte values 1-255 in requests (this excludes the NUL byte)
SecFilterForceByteRange 1 255
# Apply the filters to POST bodies as well
SecFilterScanPOST On
# Action taken on a filter match: deny with HTTP 403 and log the match
SecFilterDefaultAction "deny,log,status:403"
# RelevantOnly: the audit log records only requests that matched a filter,
# so an empty audit log is expected as long as no rule has fired.
SecAuditEngine RelevantOnly
# NOTE(review): audit entries contain request data (including POST bodies
# when scanning is on); mode 644 leaves that readable by every local user -
# consider restricting read access to the file.
SecAuditLog /var/log/httpd/modsec_log
# The debug log is disabled. Enabling the two lines below temporarily shows
# whether requests reach the filters at all; turn it off again afterwards
# because the debug log grows quickly and also contains request data.
# SecFilterDebugLog /var/log/httpd/modsec_debug_log
# SecFilterDebugLevel 4
# Prevent OS-specific keywords
SecFilter /etc/passwd
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Prevent XSS attacks (HTML/Javascript)
# NOTE(review): this pattern matches any "<" followed later by ">", so it
# also blocks legitimate input that contains markup - expect false positives.
SecFilter "<(.|\n)+>"
# Prevent Nmap version scan
# Matches only when the whole request line equals one of the listed probes
SecFilterSelective THE_REQUEST "^(HELP|default|\||TNMP|DmdT|\:)$"
</IfModule>
# Minimal permissions for any directory
# Default-deny baseline: no options, no .htaccess overrides, and no access to
# any filesystem path unless a more specific <Directory> section allows it.
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Files tried, in this order, when a directory URL is requested
DirectoryIndex index.html index.php
# Prevent files from being viewed
# Deny direct requests for .ht* files (.htaccess, .htpasswd, ...)
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# Deny direct requests for include files ending in .inc
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
# Mime types information
TypesConfig conf/mime.types
# NOTE(review): files with an unmapped extension are served as text/plain, so
# any include/backup file stored under a DocumentRoot with an extension not
# listed below would be returned as readable source.
DefaultType text/plain
# Extensions handed to the PHP handler. .inc and .class are mapped as well,
# so such files are executed rather than sent back as text if they are
# ever requested directly.
AddType application/x-httpd-php .php
AddType application/x-httpd-php .inc
AddType application/x-httpd-php .class
#########################################
# Logging
#########################################
# No reverse DNS lookup per request; client IP addresses are logged as-is
HostnameLookups Off
# Move ErrorLog every 24 hours
# NOTE(review): no rotation mechanism is visible in this file, so the
# 24-hour rotation is presumably done externally - confirm.
# The doubled slash in the path is harmless but looks like a typo.
ErrorLog /var/log/httpd//error_log
# Only messages of severity "warn" and above reach the error log
LogLevel warn
# Access log in Common Log Format
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
# Referer header -> requested URL path
LogFormat "%{Referer}i -> %U" referer
CustomLog /var/log/httpd/referer_log referer
# IP and user-agent for tracking purposes
LogFormat "%h \"%{User-agent}i\"" agent
CustomLog /var/log/httpd/agent_log agent
# Combined log that is rolled every 24 hours
# Contains every field of the three logs above in a single line per request
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog /var/log/httpd/combined_log combined
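# Info given out should be minimal
# "Prod" limits the Server response header to the product name only;
# "Minimal" would still disclose the exact Apache version number.
ServerTokens Prod
# No version/host footer on server-generated pages (error pages, listings)
ServerSignature Off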
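# Disable the method TRACE
# RewriteRule takes a pattern, a substitution and then the flags. The "-"
# substitution means "do not rewrite", which lets [F] be parsed as the
# Forbidden flag instead of being taken as the rewrite target.
# NOTE(review): rewrite rules defined at server level are not inherited by
# <VirtualHost> sections by default; each virtual host needs
# "RewriteEngine On" and "RewriteOptions inherit" for this rule to apply
# there. Where the installed Apache version supports it, "TraceEnable Off"
# is a simpler server-wide alternative - confirm availability first.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]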
# Default charset, prevents XSS
# More precisely: declaring a charset on text responses stops browsers from
# guessing the encoding, which closes encoding-confusion XSS variants only.
# It is not a substitute for output escaping in the application.
AddDefaultCharset ISO-8859-1
# Ugly but important hacks
# Per-client workarounds keyed on the User-Agent header: disable keep-alive or
# force HTTP/1.0 responses for old clients with broken protocol handling.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# WebDAV clients that mishandle redirects on directory requests
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
#######################
### VIRTUAL HOSTING ###
#######################
# Name-based virtual hosting on port 80. The first <VirtualHost> listed is
# also the one that answers requests whose Host header matches no ServerName
# or ServerAlias.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.mysite.net
ServerAlias mysite.net *.mysite.net
DocumentRoot /web/mysitenet
# Re-open access for this site's document root only (the global
# <Directory /> section denies everything else); no options, no .htaccess.
<Directory "/web/mysitenet">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
# Second name-based site; selected by Host header www.mysite.com,
# mysite.com or any *.mysite.com subdomain.
<VirtualHost *:80>
ServerName www.mysite.com
ServerAlias mysite.com *.mysite.com
DocumentRoot /web/mysitecom
# Access is allowed for this document root only; no options, no .htaccess.
<Directory "/web/mysitecom">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>