On 18/03/2012 21:48, Reindl Harald wrote:
> On 18.03.2012 22:24, Aero Maxx wrote:
>> On 18/03/2012 13:44, Reindl Harald wrote:
>>> On 18.03.2012 14:34, Aero Maxx wrote:
>>>> [Sun Mar 18 03:48:31 2012] [error] [client 192.168.0.103] ModSecurity: Warning.
>>>> Operator GE matched 15 at
>>>> TX:outbound_anomaly_score. [file
>>>> "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line
>>>> "38"] [msg "Outbound Anomaly Score Exceeded (score 15): The application is not
>>>> available"] [hostname
>>>> "www.wordpress.beta"] [uri "/index.php"] [unique_id "T2VbD1IRn4QAACJXLNQAAAAB"]
>>>> How would I go about fixing that? So I can have virtual hosts that modsecurity
>>>> doesn't complain about?
>>> SecResponseBodyAccess Off
>>> SecResponseBodyAccess does mostly introduce more problems
>>> than it can ever solve - you saw the "Outbound Anomaly Score Exceeded"
>> Whereabouts is a good place to put that?
> cat /etc/httpd/modsecurity.d/modsecurity_10_config.conf
> SecRuleEngine On
> SecRequestBodyAccess On
> SecRequestBodyInMemoryLimit 1048576
> SecResponseBodyAccess Off
> SecServerSignature "not disclosed"
> SecUploadDir /tmp
> SecUploadKeepFiles Off
> SecArgumentSeparator "&"
> SecCookieFormat 0
> SecPcreMatchLimit 150000
> SecPcreMatchLimitRecursion 150000
> SecAuditEngine Off
> SecAuditLogRelevantStatus "^(?:5|4(?!04))"
> SecAuditLogType Serial
> SecAuditLog logs/modsec_audit.log
> SecAuditLogParts "ABIFHKZ"
> SecDebugLog logs/modsec_debug.log
> SecDebugLogLevel 0
> SecDataDir /tmp
> SecTmpDir /tmp
> SecDefaultAction "phase:2,deny,log"

I didn't have any of what you posted in that file; I had something
slightly different for SecDefaultAction. I have added
SecResponseBodyAccess Off to this file. Would you recommend I add all of
it? My file seems a lot different to yours, in that it's named
differently (modsecurity_crs_10_config.conf) and has some bits commented
out which could be similar to what you have in your file.

But I am still getting the same problem as before, in that it will start
at boot, but I can't access it until I have killed the process and have
to start it again myself.

I get this error as well sometimes, but a restart of Apache fixes this
also, so unsure how it likes it sometimes but doesn't at others.

[Mon Mar 19 10:04:13 2012] [error] [client 192.168.0.103] ModSecurity:
Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file
"/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"]
[line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 5, SQLi=,
XSS=): Host header is a numeric IP address"] [hostname "192.168.0.104"]
[uri "/error/noindex.html"] [unique_id "T2cEnVIRn4QAAAhvuzsAAAAG"]
Thanks
Daniel.
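
For triaging entries like the two quoted in this thread, the following is an added example (not part of the original posts) that parses ModSecurity anomaly-score lines from the Apache error log and counts them per hostname, direction and reported rule message. The function names are illustrative, and the sample input is the thread's two log entries rejoined onto single lines.

```python
import re
from collections import Counter

# The two error-log entries quoted in this thread, each rejoined onto one line.
SAMPLE_LOG = [
    '[Sun Mar 18 03:48:31 2012] [error] [client 192.168.0.103] ModSecurity: Warning. '
    'Operator GE matched 15 at TX:outbound_anomaly_score. [file '
    '"/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] '
    '[line "38"] [msg "Outbound Anomaly Score Exceeded (score 15): The application '
    'is not available"] [hostname "www.wordpress.beta"] [uri "/index.php"] '
    '[unique_id "T2VbD1IRn4QAACJXLNQAAAAB"]',
    '[Mon Mar 19 10:04:13 2012] [error] [client 192.168.0.103] ModSecurity: Warning. '
    'Operator LT matched 20 at TX:inbound_anomaly_score. [file '
    '"/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] '
    '[line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 5, SQLi=, XSS=): '
    'Host header is a numeric IP address"] [hostname "192.168.0.104"] '
    '[uri "/error/noindex.html"] [unique_id "T2cEnVIRn4QAAAhvuzsAAAAG"]',
]

HEADER = re.compile(r'^\[([^\]]+)\] \[(\w+)\] \[client ([^\]]+)\] ModSecurity: ')
OPERATOR = re.compile(r'Operator (\w+) matched (\d+) at TX:(inbound|outbound)_anomaly_score')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [name "value"] pairs
SCORE = re.compile(r'\((?:score|Total Inbound Score:)\s*(\d+)')

def parse_entry(line):
    """Return a dict for one anomaly-score entry, or None for any other line."""
    header, op = HEADER.match(line), OPERATOR.search(line)
    if not header or not op:
        return None
    entry = dict(FIELD.findall(line))
    score = SCORE.search(entry.get("msg", ""))
    entry.update(
        time=header.group(1), client=header.group(3),
        operator=op.group(1), threshold=int(op.group(2)), direction=op.group(3),
        score=int(score.group(1)) if score else None,
        # Text after "): " is the rule message reported together with the score.
        reason=entry.get("msg", "").partition("): ")[2],
    )
    return entry

def summarise(lines):
    """Count entries per (hostname, direction, reason)."""
    entries = filter(None, map(parse_entry, lines))
    return Counter((e["hostname"], e["direction"], e["reason"]) for e in entries)

if __name__ == "__main__":
    for key, count in summarise(SAMPLE_LOG).items():
        print(count, *key)
```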