Introducing mod_security
Subject:   mod_security2 and SecRule
Date:   2006-10-31 08:55:03
From:   ivanr
Response to: mod_security2 and SecRule

Hmm, your configuration works for me here. Can I suggest you try two things? First upgrade to 2.0.4-dev1 and try again. If that does not work please join us on the mod-security-users mailing list (see here
Main Topics Newest First

Showing messages 1 through 1 of 1.

  • Re: My SecRule does not work on mod_security2.c
    2006-11-02 07:31:07  monicat [View]

    Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below:

    <IfModule mod_security2.c>
    # Basic configuration options
    # Server masking is optional
    SecServerSignature "Microsoft-IIS/5.0"

    # Maximum request body size we will
    # accept for buffering
    SecRequestBodyAccess On
    SecRequestBodyLimit 131072
    # Store up to 128 KB in memory
    SecRequestBodyInMemoryLimit 131072

    # Buffer response bodies of up to
    # 512 KB in length
    SecResponseBodyAccess Off
    SecResponseBodyLimit 524288

    # Debug log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 9

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial

    # The name of the audit log file
    SecAuditLog logs/modsec_audit.log

    # Default action set
    SecDefaultAction "deny,log,auditlog,status:403"

    # Turn on Rule Engine
    SecRuleEngine On
    SecRule REQUEST_URI dirty

    # Refuse to accept POST requests that do
    # not specify request body length
    # SecRule REQUEST_METHOD ^POST$ chain
    # SecRule REQUEST_HEADER:Content-Length ^$

    Any help is appreciated.
    - Monicat