Re: mod-security-users Digest, Vol 6, Issue 22

Sorry, ive just tried to use the ports install on the freebsd dev 
system, it had the module commented out, i uncommented and attempted a 
restart

Syntax error on line 279 of /usr/local/etc/apache2/httpd.conf:
Can't locate API module structure `security_module' in file 
/usr/local/libexec/apache2/mod_security.so: Undefined symbol 
"security_module"

LoadModule security_module    libexec/apache2/mod_security.so


Ivan Ristic wrote:
> On 11/21/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:
>>
>> > I am not sure what problem you are describing. Can you be more
>> > specific please?
>>
>> Ok a rule for a cookie data check had a log,pass action was causing a
>> 500 status from the default action deny,log,status:500 etc, i was also
>> getting a default status of 403 when i set the default action to
>> "auditlog,pass" so i can see what urls should be getting through but are
>> tripping the audit log, so still allow the traffic until i tweak
>> everything.
>
> To me sounds like the situation I explained in one of my previous
> emails. In ModSecurity 1.9.x (not so in 2.x) there is a number of
> checks that are enabled with configuration, not with rules. If any of
> those checks are triggered access will be forbidden. The default
> action list only affects rules. If you don't like this you need to
> relax the checks in configuration.
>
>> > You can implement that via en external script using the exec action.
>> > In general it's not a very good idea unless you implement throttling
>> > too, ie have a mechanism that will prevent uncontrolled sending of
>> > thousands of emails.
>> >
>>
>> I could look at some kind of "buffered smtp appender", what i was asking
>> specicially how are we able to send the message as an argument to a perl
>> script ie "deny,log,status:500,send:alert.pl themessagevarhere". I only
>> really need this for the start , as it seems im getting alot of
>> errornous audits which should be letting traffic through so i need to be
>> aware of it so take action and tweak things.
>
> All the information should be in the environment variables. Just print
> all of them and you'll see what I mean.
>


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV