Stack Overflow
Stack Overflow

Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

Useful links:

476 questions
21
votes
3 answers

Ubuntu '-bash: nano: command not found'

I am trying to use Ubuntu 18.04 to download ModSecurity on Google Cloud, but whenever I try writing sudo nano *file*.conf or nano *file*.conf. I get an error saying -bash: nano: command not found or sudo: nano: command not found. I'm not sure if it…
David Babablola
  • 313
  • 2
  • 3
  • 11
13
votes
2 answers

mod_security false positives

I`m getting lots of false positives [??]after just setting up mod_security. I'm running it in detection only so no issues yet but these filters will start blocking requests once I need it to go live. Afraid I don't 100% understand what the…
Sean Kimball
  • 4,506
  • 9
  • 42
  • 73
10
votes
5 answers

Apache error 500 on large file uploads (mod_security)

As far as I've tried, none of the usual solutions works for me. Well, my problem, I'm receiving an 500 Error every time I upload a "large file" (600 KB ~), with smaller images it works fine. So..., even with this (extreme) .htaccess file it keeps…
Octal
  • 410
  • 1
  • 5
  • 12
10
votes
2 answers

How to use mod_security as standalone?

I've seen the module named standalone in the package of Mod_Security; but I'm not sure how to use it after making and installing it! Is there any good resources for the start up?
Ace
  • 420
  • 2
  • 8
  • 25
10
votes
2 answers

Apache2 mod_evasive vs mod_security with OWASP crs when protecting against DDOS?

Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already…
Martynas Sušinskas
  • 101
  • 1
  • 4
9
votes
2 answers

Request body (Content-Length) is larger than the configured limit?

I have a file uploading site and am getting this error when trying to upload files larger than 400MB. Does anyone know where I can set this value? I also have ModSecurity Disabled for this account so I don't know why MS is catching this in the first…
user1446650
  • 1,197
  • 6
  • 15
  • 24
8
votes
4 answers

SSL slow. Establishing secure connection taking too long

I have a dedicated server with 256GB RAM 6 CPUs (12 Threads) on Hetzner, and it is located in Germany. I have CENTOS 7.5. EA4. My problem is with SSL. Every day for about 2 hours, we have 40 requests in one second and finishing requests takes about…
temo
  • 612
  • 1
  • 9
  • 25
8
votes
2 answers

ModSecurity maximum post limits (PCRE limit errors)

I've been having tonnes of issues with Mod Security. I am busy writing a CMS for a project at work and while developing a page to edit a certain database record I kept getting 403 errors. After hours of banging my head against my desk, adjusting…
Jonathon
  • 15,873
  • 11
  • 73
  • 92
7
votes
2 answers

"SecCollectionTimeout is not yet supported" in WAF owasp modsecurity crs with NGINX

I install nginx with WAF (Using Docker) mkdir -p /usr/src \ && cd /usr/src/ \ && git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity \ && cd ModSecurity \ && git submodule init \ && git…
nasatome
  • 521
  • 6
  • 13
7
votes
2 answers

ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer

I'm doing a POST request to a rest service made with django and piston uploading a file, but when I do the request i get this (strange?) error: [Sun Jul 04 16:12:38 2010] [error] [client 79.39.191.166] ModSecurity: Output filter: Failed to read…
patrick
  • 6,533
  • 7
  • 45
  • 66
7
votes
1 answer

Mod Security response/request body size?

How do I get the size of the response/request body in Mod Security? I keep getting this error for example: [Mon Sep 17 23:34:38 2012] [error] [client 192.168.1.1] ModSecurity: Output filter: Response body too large (over limit of 1000, total not…
user1529891
6
votes
4 answers

Detect if Mod_Security Is Installed With PHP?

Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed. Some people have recommended using apache_get_modules() but this specific web-host does not…
user384030
  • 199
  • 1
  • 3
  • 6
6
votes
0 answers

mod_security blocks data binding in MVC4

I've installed mod_security 2.7.5 successfully after a long time dealing with 2.9.0. But now, I faced a problem. I created an MVC project and deployed it to an IIS server with mod_security installed. I created a simple login page with MVC 4, and…
Redplane
  • 2,971
  • 4
  • 30
  • 59
6
votes
2 answers

Facebook links to my site resolve as 403 forbidden

Hi I'm experiencing a super weird problem. Whenever I post links to my website on Facebook, they come up as Forbidden. The site itself works great and I have no seen this when linking on other sites. Could this be a server misconfiguration? Any…
filip
  • 3,036
  • 4
  • 22
  • 20
6
votes
1 answer

How do I use Apache mod_rewrite rewritecond with POST parameters?

I know I can inspect GET query string parameters in rewritecond as follows: RewriteCond %{REQUEST_URI} ^/somepath/somepath RewriteCond %{REQUEST_METHOD} GET RewriteCond %{QUERY_STRING} try=3 RewriteCond %{QUERY_STRING} name=([^&]*) RewriteRule…
Jaffadog
  • 664
  • 8
  • 16
1
2 3
31 32