Hi, I installed/compiled mod_security version 2.0.2 as a DSO to work with apache-2.2.3 and I could not get mod_security to work.
After untarring the tarball,
$ cd modsecurity-apache_2.0.2/apache2
Edited the Makefile to update top_dir to my apache tree:
top_dir = /home/truong/apache/2.2.3
Then I ran make but got an error complaining that the file pcre.h was missing, so I copied /usr/include/pcre/pcre.h into modsecurity-apache_2.0.2/apache2 and reran make, and it worked fine. I stopped apache and went ahead and did the make install. Added these lines to httpd.conf:
...
LoadFile /usr/lib/libxml2.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
...
Include conf/hole/mod_security2.conf
...
And created a security config file as follows:
$ cat conf/hole/mod_security2.conf
<IfModule mod_security.c>
# Server masking is optional
SecServerSignature "Microsoft-IIS/5.0"
</IfModule>
Restarted the server and accessed some bogus file, but the server signature still said "Apache/2.2.3 (Unix) Server at gendev-lnx Port 9090" instead of "Microsoft-IIS/5.0".
I think there is something wrong with the way I compiled mod_security, or something is not working right on my Linux system (Linux gendev-lnx 2.4.21-37.0.1.ELhugemem #1 SMP Wed Jan 11 18:35:52 EST 2006 i686 i686 i386 GNU/Linux), because mod_security did not work at all even though the Apache server did indicate this in the error log:
....
[Mon Oct 30 12:57:10 2006] [notice] ModSecurity for Apache 2.0.2 configured
[Mon Oct 30 12:57:12 2006] [notice] Apache/2.2.3 (Unix) configured -- resuming normal operations
...
Does anyone have any other way to test mod_security to see if it is working correctly?
issue with mod_security2
2006-10-30 12:29:38
monicat
I found the fix for this:
Change <IfModule mod_security.c>
to
<IfModule mod_security2.c>
and it works like a charm!
- Monica
issue with mod_security2
2007-02-05 02:09:07
shuvo70
Hi
I have installed the modsecurity-apache2-2.0.3-1 rpm on a centos-4.4 server. My apache version is httpd-2.0.52-28.ent.centos4.
I can't see any log at /var/log/modsec_audit.log. Can you please tell me what is wrong?
Here is the basic configuration file under /etc/httpd/conf.d/modsecurity.conf:
<IfModule mod_security.c>
#SecRuleEngine On
SecFilterEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterCheckCookieFormat On
SecFilterScanPOST On
SecFilterForceByteRange 0 255
SecUploadDir /tmp
SecUploadKeepFiles Off
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
SecFilterDebugLog /var/log/httpd/modsec_debug.log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
</IfModule>
I tried to change it as per your mail to IfModule mod_security2.c, but then httpd can't start.
What could be the problem?
issue with mod_security2
2007-02-07 11:26:00
Ivan Ristic
That configuration is for ModSecurity 1.9.x. ModSecurity 2.x uses different syntax. There's an example configuration included with the distribution, along with the manual. BTW, you are more likely to get answers on the mod-security-users list.
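Added example (not part of the original thread): a small linter for the two failure modes discussed above, an <IfModule> guard naming a module that is not loaded (Apache skips the block without any error) and ModSecurity 1.x SecFilter* directives reaching the 2.x module. The sample configuration is constructed, the function name lint is hypothetical, and deriving the source file name from the .so name is a heuristic.

```python
import re

# Constructed sample mirroring the thread: 2.x module loaded, 1.x guard and directives.
SAMPLE_CONF = """\
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule mod_security.c>
SecFilterEngine On
SecServerSignature "Microsoft-IIS/5.0"
</IfModule>
<IfModule mod_security2.c>
SecFilterEngine On
SecRuleEngine On
</IfModule>
"""

LOAD_RE = re.compile(r'^\s*LoadModule\s+(\S+)\s+(\S+)', re.I)
OPEN_RE = re.compile(r'^\s*<IfModule\s+(!?)\s*"?([^\s">]+)"?\s*>', re.I)
CLOSE_RE = re.compile(r'^\s*</IfModule\s*>', re.I)

def lint(conf_text):
    """Return (line_no, message) findings for skipped guards and 1.x directives."""
    lines = conf_text.splitlines()
    loaded = set()
    for line in lines:
        m = LOAD_RE.match(line)
        if m:
            loaded.add(m.group(1).lower())  # identifier, e.g. security2_module
            # Assumption: the source file name is the .so basename with a .c suffix.
            loaded.add(re.sub(r'\.so$', '.c', m.group(2).rsplit('/', 1)[-1]).lower())
    findings, stack = [], []  # stack holds True where the enclosing guard is active
    for no, line in enumerate(lines, 1):
        m = OPEN_RE.match(line)
        if m:
            negated, name = m.group(1) == '!', m.group(2).lower()
            # Guards for other (possibly static) modules are unknown: assume active.
            active = 'security' not in name or (name in loaded) != negated
            if not active and not negated:
                findings.append((no, f"<IfModule {m.group(2)}> never matches; block is skipped"))
            stack.append(active)
        elif CLOSE_RE.match(line):
            if stack: stack.pop()
        elif all(stack) and 'security2_module' in loaded and re.match(r'\s*SecFilter', line, re.I):
            findings.append((no, "ModSecurity 1.x directive passed to the 2.x module: " + line.split()[0]))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```

The SecFilterEngine line inside the mod_security.c guard is not reported because that block is never parsed, which matches the thread: the 1.x configuration only stopped httpd from starting once the guard was changed to mod_security2.c.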