Re: mod-security-users Digest, Vol 6, Issue 22

The instructions are wrong, it means the source directory.  It was
the same problem I had.  The file is in the source directory.


Dan Rossi wrote:
> Hi this is the specific error i get compiling with apache2 and mod sec 2
> 
> "Makefile", line 10: Could not find /usr/local/build/special.mk
> make: fatal errors encountered -- cannot continue
> 
> top_dir = /usr/local/apache
> 
> thats where apache is installed with a ports install on freebsd.
> 
> Ivan Ristic wrote:
>> On 11/21/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:
>>>> I am not sure what problem you are describing. Can you be more
>>>> specific please?
>>> Ok a rule for a cookie data check had a log,pass action was causing a
>>> 500 status from the default action deny,log,status:500 etc, i was also
>>> getting a default status of 403 when i set the default action to
>>> "auditlog,pass" so i can see what urls should be getting through but are
>>> tripping the audit log, so still allow the traffic until i tweak
>>> everything.
>> To me sounds like the situation I explained in one of my previous
>> emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of
>> checks that are enabled with configuration, not with rules. If any of
>> those checks are triggered access will be forbidden. The default
>> action list only affects rules. If you don't like this you need to
>> relax the checks in configuration.
>>
>>>> You can implement that via en external script using the exec action.
>>>> In general it's not a very good idea unless you implement throttling
>>>> too, ie have a mechanism that will prevent uncontrolled sending of
>>>> thousands of emails.
>>>>
>>> I could look at some kind of "buffered smtp appender", what i was asking
>>> specicially how are we able to send the message as an argument to a perl
>>> script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only
>>> really need this for the start , as it seems im getting alot of
>>> errornous audits which should be letting traffic through so i need to be
>>> aware of it so take action and tweak things.
>> All the information should be in the environment variables. Just print
>> all of them and you'll see what I mean.
>>
> 
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV