|
|
Re: mod-security-users Digest, Vol 6, Issue 22: msg#00111apache.mod-security.user
On 11/21/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote: > > > I am not sure what problem you are describing. Can you be more > > specific please? > > Ok a rule for a cookie data check had a log,pass action was causing a > 500 status from the default action deny,log,status:500 etc, i was also > getting a default status of 403 when i set the default action to > "auditlog,pass" so i can see what urls should be getting through but are > tripping the audit log, so still allow the traffic until i tweak > everything. To me sounds like the situation I explained in one of my previous emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of checks that are enabled with configuration, not with rules. If any of those checks are triggered access will be forbidden. The default action list only affects rules. If you don't like this you need to relax the checks in configuration. > > You can implement that via en external script using the exec action. > > In general it's not a very good idea unless you implement throttling > > too, ie have a mechanism that will prevent uncontrolled sending of > > thousands of emails. > > > > I could look at some kind of "buffered smtp appender", what i was asking > specicially how are we able to send the message as an argument to a perl > script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only > really need this for the start , as it seems im getting alot of > errornous audits which should be letting traffic through so i need to be > aware of it so take action and tweak things. All the information should be in the environment variables. Just print all of them and you'll see what I mean. -- Ivan Ristic ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: mod-security-users Digest, Vol 6, Issue 22: 00111, Dan Rossi |
|---|---|
| Next by Date: | Re: mod-security-users Digest, Vol 6, Issue 22: 00111, Dan Rossi |
| Previous by Thread: | Re: mod-security-users Digest, Vol 6, Issue 22i: 00111, Dan Rossi |
| Next by Thread: | Re: mod-security-users Digest, Vol 6, Issue 22: 00111, Dan Rossi |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |