mod-security

问题 On my site I have a very basic setup: an 'a href' tag that just points to a file. Nothing fancy: <a href="/path/to/my/file.doc">File</a> No fancy javascript, nothing. Some users who are using old IE versions less than 8 have been having spotty problems downloading different files like this. What I've been able to trace it back to is that IE will send an OPTIONS request for the file (and even then not all the time). Since I'm not running a Webdav server, I had mod_security set at the default

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . I am new to mod security and was able to install it on my servers. However after its installation the website hosted is breaking up. After tracing the issue I was able to figure out that its not allowing me to pass url as a paramater in php code. eg: xyz.php?url= http://www.example.com/img/abc.jpg&param2=xyz Can

问题 I'm doing a POST request to a rest service made with django and piston uploading a file, but when I do the request i get this (strange?) error: [Sun Jul 04 16:12:38 2010] [error] [client 79.39.191.166] ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer [hostname "url"] [uri "/api/odl/"] [unique_id "TDEVZEPNBIMAAGLwU9AAAAAG"] What does it mean? And how can I debug it? 回答1: Output filtering is a way for an administrator to check all text that go through Apache

问题 I'm doing a POST request to a rest service made with django and piston uploading a file, but when I do the request i get this (strange?) error: [Sun Jul 04 16:12:38 2010] [error] [client 79.39.191.166] ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer [hostname "url"] [uri "/api/odl/"] [unique_id "TDEVZEPNBIMAAGLwU9AAAAAG"] What does it mean? And how can I debug it? 回答1: Output filtering is a way for an administrator to check all text that go through Apache

问题 I've just set up Apache modsecurity on a server, and in principle it works well, but I am getting rather a lot of false positives. I'm using the OWASP ModSecurity Core Rule Set (CRS) , essentially "out of the box". I'm running in "self-contained" (traditional) mode rather than Collaborative (anomaly) mode: SecDefaultAction "phase:1,deny,log" SecDefaultAction "phase:2,deny,log" Of particular concern is the SQL injection set. Double pipes (||) double angle brackets (>>) and a whole slew of

问题 This question is an extension of another here (Symfony framework install 406 Not Acceptable Error w/CPanel & WHM), please read my answer there to see how I solved the issue. I was able to solve the issue I had with the 406 errors but at a cost.., I had to disable mod security in WHM which is a huge security vulnerability I'm sure. My question is how can I keep mod security enabled and still have it work with the default Symfony installation so that I do not receive 406 errors anymore? EDIT

问题 So I am trying to get Symfony working on my server by following these install instructions. http://symfony.com/doc/current/book/installation.html#book-installation-permissions I got to the part where I ran this command in console in the directory where I wanted the framework to be installed. symfony new my_project_name I then followed these instructions to set my web root directory to /web as I believe I'm supposed to do? It installed all the files correctly since I can see them in the folder

问题 I need to block the GET request for a certain URI path. I'm using anomaly mode, but im using a straight block rule, I cannot get the rule to work properly example GET /secure/test/bla/bla/ example https://bla.bla.com/secure/test/bla/bla?www.test.com SecRule REQUEST_URI "@streq \/secure\/test\/bla\/bla\?.+" \ "phase:1,id:92,t:none,t:urlDecode,t:lowercase,t:normalizePath,deny,status:403,msg:'403 Access Denied',chain" SecRule REQUEST_METHOD "@streq post" "t:none,t:lowercase" Can I write this

问题 I am gettign this error code on submititng the form. That form have rich text editors and I am assuming that is the problem. So from erorr log I found out this message: [Sat Sep 13 18:45:11 2014] [error] [client xx.xx.xx.xx] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "1023"] [id "350147"] [rev "147"] [msg "Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected"] [data "10862"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ((

问题 I have installed Mod Security using the following instructions: https://www.digitalocean.com/community/tutorials/how-to-set-up-modsecurity-with-apache-on-ubuntu-14-04-and-debian-8 It seems to be working fine, but I don't seem to be able to create exceptions for example for the WordPress login. I have added the following to my virtualhost file: <Directory "/var/www/domain.com/public_html/wp-admin"> <IfModule security2_module> SecRuleEngine Off </IfModule> </Directory> I have also tried the