LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-18-2012, 02:05 PM   #1
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA, Earth
Distribution: Debian/ Fedora/ Ubuntu/ Raspbian
Posts: 549

Rep: Reputation: 40
raspbian, apache2, SecFilter Invalid command


Hi group,

Working with raspbian server trying to get libapache2_modsecurity working. I have /etc/apache2/mods-available/mod_security.load enabled
Code:
LoadFile libxml2.so.2
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
My /etc/modsecurity/modsecurity.conf looks like this:
Code:
root@raspberrypi:~# grep -v '#' /etc/modsecurity/modsecurity.conf | grep -v '^$'
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_SEMICOLON_MISSING}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@streq 0" \
        "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
 SecDebugLog /opt/modsecurity/var/log/debug.log
 SecDebugLogLevel 3
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
 SecAuditLogStorageDir /opt/modsecurity/var/audit/
SecArgumentSeparator &
SecCookieFormat 0
But when I try to enter a filter
Code:
 SecFilter /etc/passwd
I get this error
Quote:
root@raspberrypi:~# apache2ctl configtest
Syntax error on line 281 of /etc/apache2/apache2.conf:
Invalid command 'SecFilter', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
Any ideas on how to fix this? I have it working on my laptop running Fedora 13.
 
Old 10-18-2012, 05:28 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,294

Rep: Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698Reputation: 1698
Hi,

Quote:
Invalid command 'SecFilter', perhaps misspelled or defined by a module not included in the server configuration
Please note that "SecFilter" is a modsecurity-1.x directive and doesn't exist on modsecurity-2.x. See here the directives available for the latter
If you want to migrate your rules from 1.x to 2.x, read this

Regards
 
Old 10-18-2012, 07:11 PM   #3
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA, Earth
Distribution: Debian/ Fedora/ Ubuntu/ Raspbian
Posts: 549

Original Poster
Rep: Reputation: 40
Quote:
Originally Posted by bathory View Post
Hi,


Please note that "SecFilter" is a modsecurity-1.x directive and doesn't exist on modsecurity-2.x. See here the directives available for the latter
If you want to migrate your rules from 1.x to 2.x, read this

Regards
Thanks, I did figure out that I need to use "SecRule" instead of "SecFilter".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
raspbian apache2 shell_exec fail MrUmunhum Linux - Server 1 09-23-2012 08:42 PM
LXer: A Month with Raspbian LXer Syndicated Linux News 0 07-31-2012 07:00 PM
LXer: Raspbery Pi's Own Raspbian Gets SD Card Image LXer Syndicated Linux News 0 07-18-2012 06:10 PM
Apache2 Error on Start "Invalid Command" Salen Linux - Newbie 1 12-29-2005 02:55 PM
SSL + Apache2 = Invalid Method in Request TruckStuff Linux - Networking 5 08-29-2004 04:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration