Apache :: ModSecurity 2,0.4 released

Steffen

ModSecurity 2.0.4 has been released. The Win32 binary is available for immediate download from the Apache Lounge

Changes since 2.0.3 are:

* Fixed the "deprecatevar" action.

* Decreasing variable values did not work.

* Made "nolog" do what it is supposed to do - cause a rule match to not be logged. Also "nolog" now implies "noauditlog" but it's possible to follow "nolog" with "auditlog" and have the match not logged to the error log but logged to the auditlog. (Not something that strikes me as useful but it's possible.)

* Relative paths given to SecDataDir will now be treated as relative to the Apache server root.

* Added checks to make sure only correct actions are specified in SecDefaultAction (some actions are required, some don't make any sense) and in rules that are not chain starters (same). This should make the unhelpful "Internal Error: Failed to add rule to the ruleset" message go away.

* Fixed the problem when "SecRuleInheritance Off" is used in a context with no rules defined.

* Fixed a problem of lost input (request body) data on some redirections, for example when mod_rewrite is used.

Steffen

SabinF · Joined: 03 May 2006 Posts: 37 Location: Timisoara (Romania)

I'm having problems using the module. I am using the rules provided on the module website and it gives errors when trying to start Apache with these rules active. When I don't have any configuration made for ModSecurity, Apache starts without problem.

Steffen

Any error message when you start Apache with in a DOS box : httpd.exe -e debug ?

What happens when you only run the few rules I have put as example in the .zip ?

Steffen

SabinF · Joined: 03 May 2006 Posts: 37 Location: Timisoara (Romania)

I have compiled my own DLL and since now I didn't had any problems. It complains about SecDefaultAction.

DADE · Joined: 23 Dec 2006 Posts: 5

Hi,

I have a problem with mod_security. I have Apache 2.0.59 on Windows XP Professional, and mod_security-2.0.4-win32.

I have folowed the instructions on the zip, but when starting Apache i get this error:

"Cannot load C:/WebServer/Apache/Apache2/modules/mod_security2/mod_security2.so into server: specified module cannot be found"

On my httpd.conf i have discommented the line:
LoadModule unique_id_module modules/mod_unique_id.so

And added:
LoadModule security2_module modules/mod_security2/mod_security2.so

I have copied httpd.exe.manifest on C:\WebServer\Apache\Apache2\bin

So, what is the problem?? I need to charge mod_security quickly.

Thanks for the help and bye

James Blond

Seems that you download the wrong version. Did you download mod_security-2.0.4-2.0.x-w32.zip or mod_security-2.0.4-win32.zip?

DADE · Joined: 23 Dec 2006 Posts: 5

shit, i have mod_security-2.0.4-win32.zip

Trying that, thank's man

DADE · Joined: 23 Dec 2006 Posts: 5

i have another error:

"Syntax error on line 176 of C:/WebServer/Apache/Apache2/conf/httpd.conf:
Can't locate API module structure `mod_security2_module' in file C:/WebServer/Ap
ache/Apache2/modules/mod_security2/mod_security2.so: No error"

What about this??

thanks, cheers

James Blond

you have to change that line to

LoadModule security2_module modules/mod_security2/mod_security2.so

Please read the "Readme First.txt" in the zip file you downloaded!

DADE · Joined: 23 Dec 2006 Posts: 5

I have read man but not fixed focus on that Shocked

So, now it's working. Thank you.

Cheers Very Happy