Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: mod_security don't work |
|
| Author |
|
brotrou
Joined: 09 Oct 2008
Posts: 1
|
 Posted: Thu 09 Oct '08 14:25 Post subject: mod_security don't work |
 |
|
hello
I would like to know why my mod_security2 doesn't work with my apache config.
Here are my configuration :
I followed the instructions gived in the doc folder of the mod_security-2.5.7-win32.zip
I unzip file and put the mod_security2.so and libxml2.dll in a new folder named mod_security2 in the apache/modules/ directory.
I installed Install the Visual C++ 2008 Redistributable Package,
Then i added theses lines in the httpd.conf file :
LoadFile bin/libxml2.dll (i also put this file in th bin apache/bin directory)
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2/mod_security2.so
in my httpd.con i write very simple directives like this
| Code: |
# Configuration for mod_security
<IfModule mod_security2.so>
# Turn the filtering engine On or Off
SecFilterEngine On
# Change Server: string
SecServerSignature "ca marche"
</IfModule>
# End of mod_security.
|
when i test my server name in the header is alway "apache" i'm waiting "ca marche"
my server is apache 2.2.8 and i use mod_security2.
when i watch in my log there are empty et in my apache error log i see
[notice] ModSecurity for Apache/2.5.7 (http://www.modsecurity.org/) configured.
i don't understand where is the mystake
thank |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Thu 09 Oct '08 16:33 Post subject: Re: mod_security don't work |
|
|
| brotrou wrote: |
# Turn the filtering engine On or Off
SecFilterEngine On
|
SecFilter* is pre version 2.5, or got changed in 2.5 along the way, do not remember. If one looks at the docs under the run time directives, there is no SecFilter anything anymore.
I'm looking at Steffen's readme and I do not see SecFilter
Should now be: SecRuleEngine On
All old SecFilter are now SecRule
############# minimal ############
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
# Handling of file uploads
# TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/
SecUploadKeepFiles Off
# Debug log
SecDebugLog /usr/apache/logs/modsec_debug.log
SecDebugLogLevel 0
# Serial audit log
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog /usr/apache/logs/modsec_audit.log
# Maximum request body size we will
# accept for buffering
SecRequestBodyLimit 131072
# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072
# Buffer response bodies of up to
# 512 KB in length
SecResponseBodyLimit 524288
# Modify Server Signature (tho security by obscurity is not much security!)
# Really try and confuse them
SecServerSignature "Mozilla/5.0 (compatible; Konqueror/3.1-rc6; i686 Linux; 20020501)"
########### end minimal ##########
I have at times had problems with one or both of these
SecRequestBodyAccess On
SecResponseBodyAccess On
Gregg
Last edited by glsmith on Thu 09 Oct '08 17:02; edited 3 times in total |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
|
| Back to top |
|
|
|
|
|
|
