logo       
<prev   next>

Re: mod sec 2 only able to turn off rules for a location in vhost conf and : msg#00146

apache.mod-security.user

Subject: Re: mod sec 2 only able to turn off rules for a location in vhost conf and audit log

 

Another note: I still did not read in details the e-mails you sent yesterday (I will get to that), but vhost is the only location selection directive that works in phase 1, so it still seems like an issue with phases.

 

~ Ofer

 

From: mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Dan Rossi
Sent: Tuesday, November 28, 2006 6:35 AM
To: mod-security-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [mod-security-users] mod sec 2 only able to turn off rules for a location in vhost conf and audit log

 

Ok it seems the only rule that works for a location in vhost configs is to turn off rules by id, this is going to take alot of messing around with as there is obviouslly hundreds of rules and id's.

I am still noticing 404's being logged into the audit log which has nothing to do with trapping urls, i was trying to trap one of the rules but got a 404 instead doesnt seem like its running.

--0efc837a-A--
[28/Nov/2006:15:26:05 +1100] DHk6Q8CoAGcAAQ9PBRwAAAAA
--0efc837a-B--
GET /directory.php HTTP/1.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3
Host:

X-Forwarded-For:
Cache-Control: max-age=259200
Connection: keep-alive

--0efc837a-F--
HTTP/1.1 404 Not Found
Content-Length: 298
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--0efc837a-H--
Apache-Error: [file "/usr/home/danielr/php-4.4.4/sapi/apache2handler/sapi_apache2.c"] [line 282] [level 3] script '/www/directory.php' not found or unable to stat
Stopwatch:(579 21364 -)
Producer: ModSecurity v2.0.3 (Apache 2.x)
Server: Apache/2.0.59 (FreeBSD) PHP/4.4.4 DAV/2 hiperf_auth_mysql_module/1.0.3

--0efc837a-Z--


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV_______________________________________________
mod-security-users mailing list
mod-security-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/mod-security-users
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: mod sec 2 only able to turn off rules for a location in vhost conf and audit log: 00146, Ofer Shezaf
Next by Date:  Re: mod sec 2 only able to turn off rules for a location in vhost conf and audit log: 00146, Dan Rossi
Previous by Thread:  Re: mod sec 2 only able to turn off rules for a location in vhost conf and audit logi: 00146, Ofer Shezaf
Next by Thread:  Re: mod sec 2 only able to turn off rules for a location in vhost conf and audit log: 00146, Dan Rossi
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise