Stack Overflow
Stack Overflow

Questions tagged [mod-security2]

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

[ModSecurity][1] is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

see as well [1]: https://www.modsecurity.org/

156 questions
8
votes
0 answers

Upgrading Apache on Windows Server 2008 R2

I am currently running Apache 2.2 on Windows Server 2008 R2. I would like to upgrade Apache to version 2.4.9 so that I can run mod_security2. I installed Apache 2.2 via an installer. I don't, however, see an installer for Apache v2.4.9. I can find…
DMill
  • 303
  • 1
  • 4
  • 16
6
votes
0 answers

mod_security blocks data binding in MVC4

I've installed mod_security 2.7.5 successfully after a long time dealing with 2.9.0. But now, I faced a problem. I created an MVC project and deployed it to an IIS server with mod_security installed. I created a simple login page with MVC 4, and…
Redplane
  • 2,971
  • 4
  • 30
  • 59
4
votes
1 answer

Apache modsecurity restrict hits per uri per unit of time

I'm trying to configure modsecurity for Apache to limit the number of hits a given resource can be accessed per unit of time (let's say, 10 hits per minute per resource, no matter which ip address does the request). The resources have an url pattern…
spi
  • 1,673
  • 13
  • 19
4
votes
4 answers

modsecurity whitelist ip range

I'm trying to whitelist a range of ips (Googlebots) on modsecurity on an Ubuntu 12.04 server. For example, here's a range that I need to whitelist: 66.249.64.0/19 I've tried several ways as suggested by others, but only single ips are being…
user2431427
  • 71
  • 1
  • 1
  • 3
3
votes
1 answer

ModSecurity Rules: Which are better - GotRoot or TrustWave?

We've looking for some additional rules for ModSecurity (mod_security) - there are 2 commercial options, either GotRoot, or the new ones from…
Ben
  • 155
  • 2
  • 12
3
votes
1 answer

Nginx ingress controller modsecurity

I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingresss controller according to this link . In the annotation of the ingress I set SecRuleEngine On. When I use nikto to do some scans and try to…
bramvdk
  • 1,347
  • 4
  • 21
  • 31
3
votes
2 answers

SecRuleEngine On seem to block PUT and DELETE requests in mod_security

I have enabled SecRuleEngine in order to implement a per IP request burst limit in apache's mod_security following this tutorial. https://johnleach.co.uk/words/2012/05/15/rate-limiting-with-apache-and-mod-security/ After a few tests it seem to work…
Diane M
  • 1,503
  • 1
  • 12
  • 23
3
votes
1 answer

modsecurity allow 1 country only

I'm currently using the following modsecurity config on my webservers to block countries: SecGeoLookupDb GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:1,deny,msg:'Block IN'" SecRule GEO:COUNTRY_CODE "@streq IN" Now for a new project I'm…
vespino
  • 1,714
  • 3
  • 15
  • 28
3
votes
1 answer

Chef: No candidate version available for mod_security2 for Ubuntu 16.04

I get error Chef: No candidate version available for mod_security2 while including package mod_security or package mod_security2 Here is snipped stacktrace: * No candidate version available for mod_security2 …
ducktyped
  • 4,354
  • 4
  • 26
  • 38
3
votes
1 answer

Mod security Block GET request to URI path

I need to block the GET request for a certain URI path. I'm using anomaly mode, but im using a straight block rule, I cannot get the rule to work properly example GET /secure/test/bla/bla/ example…
Chris Hawkins
  • 55
  • 1
  • 6
3
votes
2 answers

mod_secure script to block IPs that causes multiple 404s

I want to ban IP addresses that causes mupltiple 404 errors on my web site. I've Googled a lot and found a few scripts that gave me ideas to start. And I combined them. Here is my script: # Determining temp data dir SecDataDir…
EIKA
  • 61
  • 1
  • 5
3
votes
1 answer

mod_security2 rules for WordPress

Are there any standard (?!) mod_security2 rules for servers with WordPress websites? I want to make clear that I do not want to disable mod_security2 (it exists for a good reason). I just want to make my life a little bit easier when working with…
kanenas
  • 869
  • 1
  • 20
  • 37
3
votes
1 answer

GET with hyphens raises error 403

I have a PHP script which handles callbacks from a payment processor. If the querystring 'result' contains double dashes followed by a single, we are getting a 403, e.g. /index.php?result=A--B- (returns 403) /index.php?result=A-B- (is…
user1978903
  • 33
  • 4
3
votes
1 answer

mod_security blocks only internet explorer

I installed mod_security with an apache server, and now it's blocking only ie7/8/9 browser. (I can browse the web with firefox/chromium/etc) The logs say: Message: String match within "Proxy-Connection Lock-Token Content-Range Translate via if" at…
jperelli
  • 6,988
  • 5
  • 50
  • 85
2
votes
1 answer

ModSecurity: How to 'exec' based on 'severity' level?

I am using mod_security 2.6.3, and I would like to be able to execute a shell script based on a rule-severity level. I am using the core rule set (CRS), which sets the severity level to 2 (for 'critical') when an attack is detected. I would like to…
Liam Nelson
  • 23
  • 1
  • 4
1
2 3
10 11