Introducing mod_security
Subject:   issue with mod_security2
Date:   2007-02-05 02:09:07
From:   shuvo70
Response to: issue with mod_security2


I have installed modsecurity-apache2-2.0.3-1 rpm at centos-4.4 server. my apache version is httpd-2.0.52-28.ent.centos4
i cant see any log at /var/log/modsec_audit.log can you please tell what is wrong.

here is the basic configuration file under /etc/httpd/conf.d/modsecurity.conf

<IfModule mod_security.c>
#SecRuleEngine On
SecFilterEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterCheckCookieFormat On
SecFilterScanPOST On
SecFilterForceByteRange 0 255
SecUploadDir /tmp
SecUploadKeepFiles Off
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
SecFilterDebugLog /var/log/httpd/modsec_debug.log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^$" nolog,allow

i tried to change as per your mail ifModule mod_security2.c but that time httpd cant start.

what could be the problem

Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • issue with mod_security2
    2007-02-07 11:26:00  Ivan Ristic | O'Reilly Author [View]

    That configuration is for ModSecurity 1.9.x. ModSecurity 2.x uses different syntax. There's an example configuration included with distribution, along with the manual. BTW, you are more likely to get answers on the mod-security-users list.