On 9/6/11 11:42 PM, Craig White wrote:
> On Tue, 2011-09-06 at 22:42 -0700, Philip Prindeville wrote:
>> I had configured and installed subversion (SVN) to run over HTTP as the
>> transport, but when I tried to use it I got:
>>
>> [Mon Sep 05 11:23:29 2011] [error] [client ::1] ModSecurity: Warning.
>> Operator LT matched 20 at TX:inbound_anomaly_score. [file
>> "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"]
>> [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=,
>> XSS=): Method is not allowed by policy"] [hostname "localhost"] [uri
>> "/svn/astlinux/trunk/package/linux-atm"] [unique_id
>> "TmUFkcCoAQoAABnnJF8AAAAD"]
>> [Mon Sep 05 11:23:29 2011] [error] [client ::1] ModSecurity: Warning.
>> Operator LT matched 20 at TX:inbound_anomaly_score. [file
>> "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"]
>> [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=,
>> XSS=): Method is not allowed by policy"] [hostname "localhost"] [uri
>> "/svn/astlinux/!svn/act/709637a8-16ca-40eb-8008-8cb9d5bd189c"] [unique_id
>> "TmUFkcCoAQoAABnlI-4AAAAB"]
>> [Mon Sep 05 11:23:29 2011] [error] [client ::1] ModSecurity: Warning.
>> Operator LT matched 20 at TX:inbound_anomaly_score. [file
>> "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"]
>> [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=,
>> XSS=): Method is not allowed by policy"] [hostname "localhost"] [uri
>> "/svn/astlinux/!svn/act/709637a8-16ca-40eb-8008-8cb9d5bd189c"] [unique_id
>> "TmUFkcCoAQoAABnkI6QAAAAA"]
>>
>> when doing commits, etc. I was thinking it would be nice if mod_security
>> out-of-the-box supported SVN...
>>
>> I'm looking at the supposed offending rule:
>>
>> SecRule TX:INBOUND_ANOMALY_SCORE "@gt 0" \
>> "chain,phase:5,t:none,log,noauditlog,pass,msg:'Inbound Anomaly Score
>> (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, SQLi=%{TX.SQLI_SCORE},
>> XSS=%{TX.XSS_SCORE}): %{tx.inbound_tx_msg}'"
>> SecRule TX:INBOUND_ANOMALY_SCORE "@lt
>> %{tx.inbound_anomaly_score_level}" "skipAfter:END_CORRELATION"
>>
>> and thinking "Wha.....t?"
>>
>> If the .conf files out-of-the-box can't support SVN by default, how about at
>> least having a post-install script that modifies the rules to accommodate
>> SVN?
>>
>> Or what about SVN installing its own rules if it detects mod_security is
>> installed and enabled?
>>
>> But less abstractly: does anyone know what's required to make SVN-over-HTTP
>> work with mod_security?
> ----
> This might help...
> http://dawelbeit.info/2009/09/26/subversion-and-mod_security/
>
> I don't think SVN and mod_security is a commonly used configuration.
>
> Craig
>
>
Thanks, I looked at that and a couple of other things that also matched a
similar search... like this:
http://www.waltercedric.com/component/content/article/329-apache/1565-subversion-and-mod-security.html
They suggest using:
SecRuleRemoveById ...
from within the <Directory> or <Location>. Problem is I can't figure out how
to identify the rule by "tag" or "id".
I know which rule it is, but not the "tag" or "id" associated with it:
30 SecRule TX:INBOUND_ANOMALY_SCORE "@gt 0" \
31 "chain,phase:5,t:none,log,noauditlog,pass,msg:'Inbound Anomaly
Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, SQLi=%{TX.SQLI_SCORE},
XSS=%{TX.XSS_SCORE}): %{tx.inbound_tx_msg}'"
32 SecRule TX:INBOUND_ANOMALY_SCORE "@lt
%{tx.inbound_anomaly_score_level}" "skipAfter:END_CORRELATION"
any suggestions? The man page for "SecRule" calls it out as having 3 parts:
VARIABLES, OPERATOR, [ ACTIONS ] ... nothing about tags or ids.
Thanks,
-Philip
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
