logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_security help for newbie on windowsxp Page 1, 2  Next
Author
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sat 23 May '09 12:57    Post subject: mod_security help for newbie on windowsxp Reply with quote

I have read/search until I'm about to give up.
Please if can help, a complete newbie to apache, install the mod_security-2.5.9-win32. I read that I should have this firewall installed for security. I'm trying :p...

I am using: XP SP3, 'xampp v1.7.1 standalone/portable' which is Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9

I have followed the Readme.txt until here (with exception that I copied files to a new directory here: D:\xampp\apache\modules\mod_security2 <as I have dir apache, but not apache2) Is ok?

"# Configuration: see the included documentation"
I read here: modsecurity2-apache-reference.html#configuration-directives" where I'm completely lost as to:
a. How to configure firewall?
b. Where are the other files and dir in the zip suppose to go? "Include directives": "These rules, along with the Core rules files, should be contained is files outside of the httpd.conf file and called up with Apache "Include" directives...." ???
c. How???: "ModSecurity directives can be used inside the various Apache Scope Directives"
d. In Readme.txt: # A very quick start: < where to put these settings
e. How to know if firewall is on/enabled, being used? I read to call it by going to that url, but it didn't give me error. Which I'm sure because I haven't finished the install.

One of the things I have tried that also failed: Included in the zip is mod_security-2.5.9-win32\modsecurity-2.5.9\modsecurity.conf-minimal < so i renamed that to: modsecurity.conf, placed in the new dir \mod_security2 then added the 2 lines at the end of the modsecurity.conf:
Call your site with:

http://www.xxxxcom/?abc=../../ (replacing www.xxxxcom with my url).
Stop and start apache, test this url and it opens my website homepage, no errors.
I also tested adding all these settings to httpd.conf, but then read "should be contained is files outside of the httpd.conf"

Please if possible could you post with examples how to accomplish in baby steps.
Thank you very much and sorry again to not understand the language in the docs.


*PS. Just a note on this post it says: http://www.apachelounge.com/viewtopic.php?t=2520
To check your mod_security, add the rule:

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"

Call your site with:

http://www.xxxx.com/?abc=../../

You should get a access denied and in the log:

--------
On the Readme.txt in the zip it doesn't contain the actual rule.

Edit: btw I did 'not':
a.) install this one modsecurity-apache_2.5.9.tar.gz as I believe the zip to be for windows.
b.) I didn't overwrite my existing libxml2 that I have found here: D:\xampp\php\libxml2.dll and here: D:\xampp\apache\bin\libxml2.dll
dated 12/21/2007 because it didn't say to in the Readme.txt (win32)
though I do notice that the libxml2.dll included in the zip that I copied to \mod_security2 is newer date 10/5/2008 and larger by 42kb
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 23 May '09 18:26    Post subject: Reply with quote

For starters;

I am assuming xamp's ServerRoot is D:\xamp\apache so;
In httpd.conf you need to load the module and tell Apache to
"Include" the conf file

in /xamp/apache/conf/httpd.conf:
Code:
LoadModule security2_module modules/mod_security2/mod_security2.so
Include modules/mod_security2/modsecurity.conf

restart and try that one URL again that is supposed to cause it to
block.
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sun 24 May '09 10:14    Post subject: Reply with quote

Oh a reply! Thank you glsmith Very Happy !

Ok I had already, as per Readme.txt, added this only to my httpd.conf:
LoadModule security2_module modules/mod_security2/mod_security2.so
and find & uncomment this line by removing '#'(mine wasn't commented):
LoadModule unique_id_module modules/mod_unique_id.so

So now as you have said I've added the line:
Include modules/mod_security2/modsecurity.conf <which I presume will be the one I copied over from zip (modsecurity.conf-minimal) and renamed to modsecurity.conf, so at least I was on the right track Smile

I have stopped/restarted server. Close/reopen browser.
Enter: (replaced 'www.xxxxcom' with my url)
http://www.xxxxcom/?abc=../../
And that URL still prompts me for password then opens up my website.. all variations of that url open website as well like: http://www.xxxxcom/?abc=../ and http://www.xxxxcom/?abc=

Readme.txt said: "To check your mod_security, add the rule":
Call your site with:
http://www.xxxxcom/?abc=../../

I didn't add this rule to anything. I did paste it on modsecurity.conf at the bottom (changing to my url), but then apache wouldn't start.

1. Now what do I do with all those other files in the directories 'rules' and 'tools' included in the mod_security-2.5.9-win32.zip?

2. How do I know if it's running and working? I do see on D:\xampp\apache\logs\error.log: [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.

Just strange as use to my own firewall popping up to ask if this and that is ok.

Thank you again so much for your time!
Mew


Last edited by mewbie on Sun 24 May '09 11:15; edited 1 time in total
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sun 24 May '09 10:59    Post subject: And... Reply with quote

Btw I was trying to also follow this tut here;
http://gilbertng.blogspot.com/2008/03/apache-modsecurity-and-xampp.html
Its quite confusing when one doesn't know what they are doing. Sorry.. So I ask now as I'm going to end up asking when the above problem is solved.

1.) All ok until tut comes to step 8; as it sounds like he is putting those directives in the httpd.conf file?
But I read: Core rules files, should be contained is files outside of the httpd.conf file and called up with Apache

2.) His step 9.: Start and stop the Apache and look at the phpinfo and see it loaded or not.
"phpinfo" < what is phpinfo? I look under phpMyAdmin and I don't see any mention of mod_security. If he means http://localhost/xampp/phpinfo.php < then I don't see it listed there either.

3.) this his last steps:
1. Disable PHP function - do i need to do these?
As I dont have the file where he says but I do have it here: D:\xampp\php\php.ini
Which right now states under disable_functions only: disable_functions =
2. he says: 2. Besides, open safe mode
in my php.ini I have:
; Safe Mode
;
safe_mode = Off
3. he says: open_basedir = C:\ foo\bar
mine is commented I believe, it has: ;open_basedir =

Thank you again, sorry for all the questions at once!
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 26 May '09 16:47    Post subject: Reply with quote

His step 8 is not using "core" rules but his own set. Look at the minimal conf file included ... drop it into /xamp/apache/conf and in httpd.conf file add

Include conf/filename.conf

done

if you want to use core rules .. read the mod security docs .. not someones tut

basically, put all 8 or so of the files into a folder /xamp/apache/conf/core
then

Include conf/core/*.conf

I know nothing about "his" php setup .. I'm php dumb
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Tue 26 May '09 21:22    Post subject: Reply with quote

Hi newbie,
you don't need to disable any php functions if only you run your scripts on that server. Also you don't need to set open_basedir.
In the case other ppl run theier scripts on the server you should set open_basedir to the apache document root.
Leave safe mode off! It does not make your server saver and it sucks a lot when it is enabled.

if you have still a question you're welcome to ask more Smile
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 26 May '09 22:03    Post subject: Reply with quote

Thanks for that tip ... safe_mode==suck-system-dry_mode
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Tue 26 May '09 23:32    Post subject: Reply with quote

in PHP 6 safe mode will be removed also register globals. To make PHP 5 secure if you have other users on your system.
Set open_basedir to the vhost the user has access to. Also set the upload_tmp_dir to that folder, if not the user can't upload files caused by basedir Wink

with PHP_Admin_value you can set most values for each vhost.

expose_php = Off
than you won't see the X-Powered-By: PHP/5.2.9 header.


Guess this enough of PHP stuff since this is a mod_sec topic.
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Wed 27 May '09 5:50    Post subject: Reply with quote

Thank you glsmith and James Blong for your time and replies! Very Happy. Sorry to say that I'm more confused and bummed out about it now than before. Please if you could take the time to read through this and let me know what I have missed, that would be great! I know its a very good program from what I have read and probably very easy to install for seasoned users.

(Would be great if there were step by step 'full' instructions, for windows, that newbies could understand. I have seen at xampp forum other ppl having same problem to get this to work with no solution posted. For example in html doc, step 7-8 for windows, I'm 'completely' lost. Thus my long search on other sites/ 'tuts' to get this setup.)

I did read the docs included, (Readme.txt and modsecurity2-apache-reference.html). I'll post here where my problems are so you can see into a mewbies mind lol and why such confusion in detail (my comments in bold):

Step 7: Skip down to windows:
a. Edit Makefile.win to configure the Apache base and library paths. <no such file 'Makefile.win' and if there was then I suppose the path would be D:\xampp\apache\bin < as this is where I find my existing libxml2.dll. So never mind skip, don't have this makefile.win
b. Compile with: nmake -f Makefile.win < I presume this is done via command prompt, skip don't have the file
c. < skip as well, don't have that file
d. Copy the libxml2.dll <skip: have file in bin already) and lua5.1.dll to the Apache bin directory.<skip: Readme.txt says: Lua is build inline, no need to have lua5.1.dll)
Alternatively you can follow the step below for using LoadFile to load these libraries. < ok, I'll do that:

Step 8: Edit the main Apache httpd config file (usually httpd.conf)
On UNIX (and Windows if you did not copy the DLLs as stated above) you must load libxml2 and lua5.1 before ModSecurity with something like this:

LoadFile /usr/lib/libxml2.so<no such file
LoadFile /usr/lib/liblua5.1.so<no such file
Load the ModSecurity module with: LoadModule security2_module modules/mod_security2.so <done, pasted in httpd.conf

Step 9: Configure ModSecurity <how? do what to what file?

---------- ok not working, back to the Readme.txt:

Create .../apache2/modules/mod_security2 and copy mod_security2.so and libxml2.dll to this folder <done

Install the Visual C++ 2008 Redistributable Package <done

Add to your httpd.conf:
LoadModule security2_module modules/mod_security2/mod_security2.so <done
Enable the module unique_id by uncommenting:
LoadModule unique_id_module modules/mod_unique_id.so <done

A very quick start: <not done, didn't understand where to put these

To check your mod_security, add the rule:
Call your site with:
http://www.xxxxcom/?abc=../../ <didn't know where to add these 2 lines, so I renamed 'modsecurity.conf-minimal' to 'modsecurity.conf', placed that in D:\xampp\apache\modules\mod_security2 pasted the two lines above into file (replacing www.xxxxcom with my url), restarted, tried URL, could open, no denial.

Then glsmith instructed me to add to httpd.conf:
Include modules/mod_security2/modsecurity.conf <done, restart, apache won't load. I remove these two lines, apache can load. I go searching, find http://www.apachelounge.com/viewtopic.php?t=2520
To check your mod_security, add the rule:
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'" < so this is the rule to add, not the 2 lines above as stated in Readme.txt (mod_security-2.5.9-win32.zip), so I paste this to bottom of 'modsecurity.conf'. Restart apache, http://www.xxxxcom/?abc=../../ < still opens my website.

---next reply:
glsmith instructs to: Look at the minimal conf file included ... drop it into /xamp/apache/conf and in httpd.conf file add Include conf/filename.conf < ok I did this earlier as per your instructions, but it was: Include modules/mod_security2/modsecurity.conf < should be fine here, or do I need to move it?

Then: put all 8 or so of the files into a folder /xamp/apache/conf/core <done
then Include conf/core/*.conf <pasted on httpd.conf, restart apache, close browser, clear temp files, restart apache again, http://www.xxxxcom/?abc=../../ < still opens my website.
I take a look at error.log and see this:

[error] [client 192.168.1.2] ModSecurity: Warning. Pattern match "\\.\\./" at ARGS:abc. [file "D:/xampp/apache/modules/mod_security2/modsecurity.conf"] [line "60"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "myurl.com"] [uri "/"] [unique_id "ShylOcCoAQIAABC0ZZAAAZZZ"] [error] SecServerSignature: original signature too short. Please set ServerTokens to Full.[notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.

(note these errors in error.log are only when I restart apache, not while using apache)

"Drive Access" I think could this be because I have alias (symbolic link) to another drive in my computer??? So I test this script (RogioBiz.PHP.File.Manager, its a file editor/upload/download script) I make a new folder (via this webpage.php), Ok, makes new folder. Then I select delete folder; it sends me to a 404 page, I press back button and get message 'Invalid folder bane!'. I still can't delete folder.
I test again by uploading a file: file uploads, then sends me to a 404 page, i press back and get same error, but file i upload is there.
The whole start of me installing apache was this script- so a friend could upload/download/delete at will securely. So I need this script to work properly as it did before.


-----
Mini summary of All that I have done:
1.) LoadModule security2_module modules/mod_security2/mod_security2.so <done, pasted in httpd.conf
2.) Enable the module unique_id by uncommenting:
LoadModule unique_id_module modules/mod_unique_id.so <done in httpd.conf
2a.) Include modules/mod_security2/modsecurity.conf <done, pasted in httpd.conf
3.) Create .../apache2/modules/mod_security2 and copy mod_security2.so and libxml2.dll to this folder <done
4.) Install the Visual C++ 2008 Redistributable Package <done
5.) renamed 'modsecurity.conf-minimal' to 'modsecurity.conf', placed that in D:\xampp\apache\modules\mod_security2
6.) pasted at bottom of modsecurity.conf:
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
7.) Rename 'rules' directory (from zip) to 'core', copy it including contents to: /xampp/apache/conf/core
8.) paste in httpd.conf: Include conf/core/*.conf
(I did not make any changes to php per the other tut)

Results:
-errors on log
-don't know if firewall is working- I can still go to http://www.xxxxcom/?abc=../../ ,
-my file_editor/upload/download php script isn't working properly now
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Wed 27 May '09 20:00    Post subject: Reply with quote

I notice you are throwing around a lot of paths on the file system using the beloved \ (backslash) character. Please tell me you are not using these in your config. And if you are, double them up (escape them) like
D:\\xamp\\apache\\etc\\etc

or simpler just using the prefered forward slash
D:/xamp/apache/etc/etc


------------------------------------------------------------------------
note to self (alpost3.txt)
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Thu 28 May '09 1:09    Post subject: Reply with quote

Very Happy No, I am using '/' in all the files.
'\' is to show paths to files in explorer

PS. I do hope you can see from my post how one could be so confused and that I'm not going out of my mind haha :p
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Thu 28 May '09 20:50    Post subject: Reply with quote

ok .. let's ignore all readme's and tuts .... period. I think some of your problem is you are trying to do this off too many different things and one may contradict another.

Undo everything you've done in your config files, clean up the Apache files like remove the mod_security2 folder you made. Make sure Apache is running properly again. Now I know what page your on for sure.

I am going to do this in two parts. After the first part we will see where we are. No, mod_security will not do anything yet, but it will let us know if there is a problem with the binaries for some odd reason.

Part one

Start with a brand new copy of mod_secuity2.so, libxml2.dll and the minimal config file (we will no use this file yet in part one).

Move/copy the module itself (mod_security2.so) in the Apache modules folder (which looks like it is /xamp/apache/modules)

Move/copy libxml2.dll to /xamp/apache/bin

In Notepad, open httpd.conf

Uncomment the line for the Unique ID module

Add line at bottom of Load Modules section
Code:
LoadModule securty2_module modules/mos_security2.so


Reinstall the c++ 2008 redistributable.

Restart Apache.

Ok, is Apache running?
If not what does error log say?

If it is let's look in the error log anyway, You should see a line like
[Thu May 28 12:33:26 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.

Kind of a lie ... since no it is not configured .. but it is loaded.
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Fri 29 May '09 5:37    Post subject: starting over... Reply with quote

HUGE THANK YOU glsmith for your time and patience again! Very Happy.
I know once this is sorted out, its going to help a number of other ppl that I have seen posting about this, so thank you from them as well LOL. Very Happy
I agree, start fresh and with baby steps haha :p
I have done almost all as you have instructed (with a few exceptions), all seems OK.

The exceptions are, in case it matters:

1. I have also reinstalled Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) after re-installing:
Microsoft Visual C++ 2008 Redistributable Package (x86)
rebooted

2. I had deleted D:\xampp\apache\modules\mod_security2\ < this directory and all of it's files.
Copied over a fresh copy of 'mod_security2.so' to: D:\xampp\apache\modules\
Apache (httpd.conf) would 'Not' restart with this line:
LoadModule security2_module modules/mod_security2.so
But when I move 'mod_security2.so' from modules directory into newly created sub directory mod_security2, this line works just fine:
LoadModule security2_module modules/mod_security2/mod_security2.so
No idea why, so I have left it as that.
---------end of exceptions to your instructions

Error log looks good:
[Fri May 29 11:16:43 2009] [notice] Server built: Dec 10 2008 00:10:06
[Fri May 29 11:16:43 2009] [notice] Parent: Created child process 2816
[Fri May 29 11:16:44 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Fri May 29 11:16:45 2009] [notice] Digest: generating secret for digest authentication ...
[Fri May 29 11:16:45 2009] [notice] Digest: done
[Fri May 29 11:16:46 2009] [notice] Child 2816: Child process is running
[Fri May 29 11:16:47 2009] [notice] Child 2816: Acquired the start mutex.
[Fri May 29 11:16:47 2009] [notice] Child 2816: Starting 250 worker threads.
[Fri May 29 11:16:47 2009] [notice] Child 2816: Starting thread to listen on port 80.
[Fri May 29 11:16:47 2009] [notice] Child 2816: Starting thread to listen on port 443.


Thank you, and I am ready for the next steps when you are, IF the above is all OK. Very Happy
Back to top
LuMorehead



Joined: 29 May 2009
Posts: 2
Location: USA

PostPosted: Fri 29 May '09 21:07    Post subject: mod_security2 Reply with quote

I've been reading your posts both here and on the Apache Friends site.

Some questions first:

How did you install XAMPP? With an installer or manually?
My suggestion is that you install manually or do a buildif you want to add third-party modules .

Is XAMPP up and running? In other words are you able to access localhost and the demos? (Sorry, I don't remember what you wrote in previous posts on friends forum.)

Have you read the docs on security in Apache? Unless you use the developer's version of XAMPP - Apache, security type option(s) are restricted to cookie type.

In your last reply/post you wrote 2.5.9 for a version. Is this an error?

Last but not least, It's likely that I missed some of the gist of your posts - sorray again. But , exactly what are you trying to get as the final result?

Lu
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 30 May '09 2:01    Post subject: Reply with quote

Lu ... That is not an error ... that is the mod_security2 modules version number.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 30 May '09 2:49    Post subject: Reply with quote

I do not mind the exceptions .. as long as I see this
[Fri May 29 11:16:44 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.


OK ... next step .. let's get it working with the minimal config.
Rename the config file, drop in /xamp/apache/conf/modsecurity.conf
Below the line in the file
SecResponseBodyLimit 524288

add the line
Code:
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"


save and exit.

Open httpd.conf
Down toward the bottom of the file you will see an area with a lot of lines beginning with "Include conf/..."

We need to include our minimal config so somewhere in this section add
Code:
Include conf/modsecurity.conf


save and exit.
restart apache

http://localhost/?abc=../../

You should get a 403 Access Forbidden
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sat 30 May '09 4:24    Post subject: Reply with quote

glsmith: Thank you again! Very Happy
OK, done and as I suspected I still can go that url (as I'm right where I was in one of my previous post):
http://localhost/?abc=../../ (local host replaced with my url)

In error log it says:
[Sat May 30 09:49:01 2009] [notice] Server built: Dec 10 2008 00:10:06
[Sat May 30 09:49:01 2009] [notice] Parent: Created child process 2724
[Sat May 30 09:49:04 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Sat May 30 09:49:05 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 30 09:49:05 2009] [notice] Digest: done
[Sat May 30 09:49:07 2009] [notice] Child 2724: Child process is running
[Sat May 30 09:49:07 2009] [notice] Child 2724: Acquired the start mutex.
[Sat May 30 09:49:07 2009] [notice] Child 2724: Starting 250 worker threads.
[Sat May 30 09:49:08 2009] [notice] Child 2724: Starting thread to listen on port 443.
[Sat May 30 09:49:08 2009] [notice] Child 2724: Starting thread to listen on port 80.

[Sat May 30 09:50:07 2009] [error] [client 192.168.1.2] ModSecurity: Warning. Pattern match "\\.\\./" at ARGS:abc. [file

"D:/xampp/apache/conf/modsecurity.conf"] [line "33"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname

"my.host.name.com"] [uri "/"] [unique_id "SiCQz8CoAQIAAA********"]
(unique id I *** out some of the numbers in case this is private)

Thank you!

=============================
LuMorehead: Thank you for trying to help this mess of mine Razz

Quote:
How did you install XAMPP? With an installer or manually?

Manual as wanted it portable: xampp-win32-1.7.1.exe
(I did not use this: xampp-win32-1.7.1-installer.exe)

Quote:
Is XAMPP up and running? In other words are you able to access localhost and the demos?

Yes it all runs very nicely.

Quote:
Have you read the docs on security in Apache?

I have read a variety of docs and that is what brought me here.

Quote:
Unless you use the developer's version of XAMPP - Apache, security type option(s) are restricted to cookie

type.

Would this be the correct version I'm using to use mod_security?

Quote:
exactly what are you trying to get as the final result?

mod_securtiy as a working firewall for xampp's apache server.

Thank you!
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 30 May '09 4:44    Post subject: Reply with quote

ok .. I was wrong .. not a 403 .. but it flagged in the error log so mod_sec is working. see what that gets you for the next couple days before you dive into core rules ... and no .. nothing secret in the unique id that I know of .. you can press reload on your browser a hundred time and you will get 100 different ones.
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sat 30 May '09 6:00    Post subject: Reply with quote

Thank you again. OK will do glsmith, and I'll keep an eye on the error log for any unusual things related to mod_security.

I had previously thought firewall wasn't working, as according to docs and other post that URL should not open with that rule..
but I see it is told to give a msg: msg:'Drive Access'"
So I do feel a little confused about that but will continue this process Very Happy

re unique id: noted

(my note: line 33 is the rule that you had me add to modsecurity.conf)
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Wed 03 Jun '09 5:59    Post subject: Ready :D Reply with quote

glsmith, how are you? Very Happy

Seems to all be running smooth. Though a few new odd entries in error log that weren't there before (I don't know if related or not). It only happened for 2 days, now I don't see them again, yet:

2 of these:
[warn] (OS 121)The semaphore timeout period has expired. : winnt_accept: Asynchronous AcceptEx failed.

and then 8 of these:
[warn] (OS 64)The specified network name is no longer available. : winnt_accept: Asynchronous AcceptEx failed.

I'm ready for your Part 2 of the installation when you are. Thank you! Very Happy

PS. We also never covered what do I do with all those other files in the directory 'tools'.
Back to top


Reply to topic   Topic: mod_security help for newbie on windowsxp View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules Page 1, 2  Next