Re: mod-security-users Digest, Vol 6, Issue 22

I ended up finding it however it is looking for the source in the apache 
ports install :)

/bin/sh /usr/local/share/apache2/build/libtool --silent --mode=compile 
cc    -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow 
-Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare 
-DWITH_LIBXML2 -D_REENTRANT -D_THREAD_SAFE 
-DAP_HAVE_DESIGNATED_INITIALIZER  -I /usr/include/libxml2 
-I/usr/ports/www/apache20/work/httpd-2.0.59/srclib/apr/include 
-I/usr/ports/www/apache20/work/httpd-2.0.59/srclib/apr-util/include 
-I/usr/local/include -I. -I/usr/local/share/apache2/os/unix 
-I/usr/local/share/apache2/server/mpm/prefork 
-I/usr/local/share/apache2/modules/http 
-I/usr/local/share/apache2/modules/filters 
-I/usr/local/share/apache2/modules/proxy 
-I/usr/local/share/apache2/include 
-I/usr/local/share/apache2/modules/generators -I/usr/include/openssl 
-I/usr/local/share/apache2/modules/dav/main -prefer-pic -c 
mod_security2.c && touch mod_security2.slo

mod_security2.c:15:23: http_core.h: No such file or directory
mod_security2.c:16:26: http_request.h: No such file or directory
In file included from modsecurity.h:36,
                 from mod_security2.c:18:
msc_multipart.h:24:25: apr_general.h: No such file or directory
msc_multipart.h:25:24: apr_tables.h: No such file or directory
In file included from modsecurity.h:36,


etc

Ivan Ristic wrote:
> On 11/21/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:
>>
>> > I am not sure what problem you are describing. Can you be more
>> > specific please?
>>
>> Ok a rule for a cookie data check had a log,pass action was causing a
>> 500 status from the default action deny,log,status:500 etc, i was also
>> getting a default status of 403 when i set the default action to
>> "auditlog,pass" so i can see what urls should be getting through but are
>> tripping the audit log, so still allow the traffic until i tweak
>> everything.
>
> To me sounds like the situation I explained in one of my previous
> emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of
> checks that are enabled with configuration, not with rules. If any of
> those checks are triggered access will be forbidden. The default
> action list only affects rules. If you don't like this you need to
> relax the checks in configuration.
>
>> > You can implement that via en external script using the exec action.
>> > In general it's not a very good idea unless you implement throttling
>> > too, ie have a mechanism that will prevent uncontrolled sending of
>> > thousands of emails.
>> >
>>
>> I could look at some kind of "buffered smtp appender", what i was asking
>> specicially how are we able to send the message as an argument to a perl
>> script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only
>> really need this for the start , as it seems im getting alot of
>> errornous audits which should be letting traffic through so i need to be
>> aware of it so take action and tweak things.
>
> All the information should be in the environment variables. Just print
> all of them and you'll see what I mean.
>


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV