Women in Technology

Hear us Roar



Article:
  Introducing mod_security
Subject:   issue with mod_security2
Date:   2006-10-30 10:31:56
From:   monicat
Hi, I install/compile mod_securiy Version 2.0.2 as a DSO to work with apache-2.2.3 and I could not get mod_security to work.


After untar the the tar ball,
$cd modsecurity-apache_2.0.2/apache2


Edit the Makefile to update tpp_dir to my apache tree:
top_dir = /home/truong/apache/2.2.3


Then I do the make but got error complain about file pcre.h missing so I copy the /usr/include/pcre/pcre.h into modsecurity-apache_2.0.2/apache2 and redo the make and it works fine. I stop apache and go ahead and did the make install. Add this line into httpd.conf:
...
LoadFile /usr/lib/libxml2.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
...
Include conf/hole/mod_security2.conf
...
And create a security's confile as follow:


$ cat conf/hole/mod_security2.conf
<IfModule mod_security.c>
# Server masking is optional
SecServerSignature "Microsoft-IIS/5.0"
</IfModule>


restart the server and access some bogus file but the Server Signature still said "Apache/2.2.3 (Unix) Server at gendev-lnx Port 9090" instead of "Microsoft-IIS/5.0".


I think there is something wrong with the way I compile mod_security or something is not working right on my linux system (
Linux gendev-lnx 2.4.21-37.0.1.ELhugemem #1 SMP Wed Jan 11 18:35:52 EST 2006 i686 i686 i386 GNU/Linux)
because mod_security did not work at all even thought the apache's server did indidate this in the errorlog:
....
[Mon Oct 30 12:57:10 2006] [notice] ModSecurity for Apache 2.0.2 configured
[Mon Oct 30 12:57:12 2006] [notice] Apache/2.2.3 (Unix) configured -- resuming normal operations
...
Anyone have any other to test mod_security to see if it working correctly?

Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • issue with mod_security2
    2006-10-30 12:29:38  monicat [View]

    I found the fix for this:

    Change <IfModule mod_security.c>
    to
    <IfModule mod_security2.c>

    and it works like a charm!
    - Monica
    • issue with mod_security2
      2007-02-05 02:09:07  shuvo70 [View]

      Hi

      I have installed modsecurity-apache2-2.0.3-1 rpm at centos-4.4 server. my apache version is httpd-2.0.52-28.ent.centos4
      i cant see any log at /var/log/modsec_audit.log can you please tell what is wrong.

      here is the basic configuration file under /etc/httpd/conf.d/modsecurity.conf

      <IfModule mod_security.c>
      #SecRuleEngine On
      SecFilterEngine On
      SecRequestBodyAccess On
      SecResponseBodyAccess Off
      SecFilterCheckURLEncoding On
      SecFilterCheckUnicodeEncoding Off
      SecFilterCheckCookieFormat On
      SecFilterScanPOST On
      SecFilterForceByteRange 0 255
      SecUploadDir /tmp
      SecUploadKeepFiles Off
      SecAuditEngine RelevantOnly
      SecAuditLog /var/log/httpd/modsec_audit.log
      SecFilterDebugLog /var/log/httpd/modsec_debug.log
      SecFilterDebugLevel 0
      SecFilterDefaultAction "deny,log,status:406"
      SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
      </IfModule>

      i tried to change as per your mail ifModule mod_security2.c but that time httpd cant start.

      what could be the problem
      • issue with mod_security2
        2007-02-07 11:26:00  Ivan Ristic | O'Reilly Author [View]

        That configuration is for ModSecurity 1.9.x. ModSecurity 2.x uses different syntax. There's an example configuration included with distribution, along with the manual. BTW, you are more likely to get answers on the mod-security-users list.