Search Results

Search found 30 results on 2 pages for 'modsecurity'.

Page 1/2 | 1 2 | Next Page >

ModSecurity compile error on nginx

- by user146481

I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified as Linux configure: looking for Apache module support via DSO through APXS configure: error: couldn't find APXS After installing httpd-devel httpd-devel and running ./configure --enable-standalone-module --with-apxs=/usr/sbin/apxs ; make modsecurity compile workes but still have another error of nginx compilation : ./configure --add-module=/usr/local/src/john/ModSecurity-master/nginx/modsecurity and i got this error : gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/include/apache2 -I /usr/include/apr-1.0 -I /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone -I /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2 -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/mail \ -o objs/addon/modsecurity/ngx_http_modsecurity.o \ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:20:23: error: http_core.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:21:26: error: http_request.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:37, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_logging.h:41:23: error: apr_pools.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:38, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:26:25: error: apr_general.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:27:24: error: apr_tables.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:38, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:44: error: expected specifier-qualifier-list before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:65: error: expected specifier-qualifier-list before ‘apr_array_header_t’ cc1: warnings being treated as errors /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: expected ‘,’ or ‘;’ before ‘multipart_cleanup’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:137: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:39, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_pcre.h:41: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_pcre.h:45: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:19:27: error: apr_file_info.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:41, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: type defaults to ‘int’ in declaration of ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: expected ‘,’ or ‘;’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:24: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:20:19: error: httpd.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:21:24: error: ap_release.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:24:26: error: apr_optional.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: expected declaration specifiers or ‘...’ before ‘modsec_register_tfn’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: expected declaration specifiers or ‘...’ before ‘modsec_register_operator’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:32: error: expected declaration specifiers or ‘...’ before ‘modsec_register_variable’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:33: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:32: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:36: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: expected declaration specifiers or ‘...’ before ‘modsec_register_reqbody_processor’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:56: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:58: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: expected ‘,’ or ‘;’ before ‘input_filter’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: expected ‘,’ or ‘;’ before ‘output_filter’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: expected ‘,’ or ‘;’ before ‘read_request_body’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: expected ‘,’ or ‘;’ before ‘send_error_bucket’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:83: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:85: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:93: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:95: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:43:25: error: http_config.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:59: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: expected ‘,’ or ‘;’ before ‘collection_original_setvar’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:63: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:67: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:70: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:75: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:76: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:86: error: expected specifier-qualifier-list before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:94: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:101: error: expected specifier-qualifier-list before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: expected ‘,’ or ‘;’ before ‘msre_ruleset_process_phase’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: expected ‘,’ or ‘;’ before ‘msre_ruleset_process_phase_internal’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:115: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:143: error: expected specifier-qualifier-list before ‘apr_ipsubnet_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:149: error: expected specifier-qualifier-list before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:189: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:219: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:235: error: expected specifier-qualifier-list before ‘fn_tfn_execute_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:239: error: expected declaration specifiers or ‘...’ before ‘fn_tfn_execute_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:258: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:258: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:285: error: expected specifier-qualifier-list before ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: expected declaration specifiers or ‘...’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: ‘apr_status_t’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: ‘apr_status_t’ redeclared as different kind of symbol /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: note: previous declaration of ‘apr_status_t’ was here /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:342: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:342: error: ‘fn_action_execute_t’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:369: error: expected specifier-qualifier-list before ‘fn_action_init_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:399: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:403: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:403: error: ‘msre_parse_vars’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:415: error: expected specifier-qualifier-list before ‘apr_size_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:54: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:62: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:66: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:68: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:70: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:74: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:76: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:82: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:88: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:90: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:92: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:100: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:102: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:104: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:106: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:108: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:110: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:112: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:114: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:128: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:132: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:136: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: type defaults to ‘int’ in declaration of ‘apr_fileperms_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: expected ‘,’ or ‘;’ before ‘mode2fileperms’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:144: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:41, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_xml.h:43: error: ‘xml_cleanup’ declared as function returning a function In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_geo.h:38:25: error: apr_file_io.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_geo.h:58: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:43, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_gsb.h:22:22: error: apr_hash.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:43, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_gsb.h:25: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:44, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_unicode.h:25: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:46, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_crypt.h:34: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:48:23: error: ap_config.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:49:21: error: apr_md5.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:50:25: error: apr_strings.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:54:22: error: http_log.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:938: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:938: error: too many arguments to function ‘ConvertNgxStringToUTF8’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:942: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:944: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:952: error: ‘modsecurity_read_body_cb’ undeclared (first use in this function) make[1]: *** [objs/addon/modsecurity/ngx_http_modsecurity.o] Error 1 make[1]: Leaving directory `/usr/local/src/john/nginx-1.2.5' make: *** [build] Error 2 Note : I'm using nginx as the only webserver and i do not have apache installed. OS : Centos 6 64bit How can i solve this problem And do you have another easy way to install modsecurity with nginx ?

Read the article
Does ModSecurity 2.7.1 work with ASP.NET MVC 3?

- by autonomatt

I'm trying to get ModSecurity 2.7.1 to work with an ASP.NET MVC 3 website. The installation ran without errors and looking at the event log, ModSecurity is starting up successfully. I am using the modsecurity.conf-recommended file to set the basic rules. The problem I'm having is that whenever I am POSTing some form data, it doesn't get through to the controller action (or model binder). I have SecRuleEngine set to DetectionOnly. I have SecRequestBodyAccess set to On. With these settings, the body of the POST never reaches the controller action. If I set SecRequestBodyAccess to Off it works, so it's definitely something to do with how ModSecurity forwards the body data. The ModSecurity debug shows the following (looks to me as if all passed through): Second phase starting (dcfg 94b750). Input filter: Reading request body. Adding request argument (BODY): name "[0].IsSelected", value "on" Adding request argument (BODY): name "[0].Quantity", value "1" Adding request argument (BODY): name "[0].VariantSku", value "047861" Adding request argument (BODY): name "[1].Quantity", value "0" Adding request argument (BODY): name "[1].VariantSku", value "047862" Input filter: Completed receiving request body (length 115). Starting phase REQUEST_BODY. Recipe: Invoking rule 94c620; [file "*********************"] [line "54"] [id "200001"]. Rule 94c620: SecRule "REQBODY_ERROR" "!@eq 0" "phase:2,auditlog,id:200001,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:%{reqbody_error_msg},severity:2" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against REQBODY_ERROR. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 5549c38; [file "*********************"] [line "75"] [id "200002"]. Rule 5549c38: SecRule "MULTIPART_STRICT_ERROR" "!@eq 0" "phase:2,auditlog,id:200002,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against MULTIPART_STRICT_ERROR. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 554bd70; [file "********************"] [line "80"] [id "200003"]. Rule 554bd70: SecRule "MULTIPART_UNMATCHED_BOUNDARY" "!@eq 0" "phase:2,auditlog,id:200003,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 554cbe0; [file "*********************************"] [line "94"] [id "200004"]. Rule 554cbe0: SecRule "TX:/^MSC_/" "!@streq 0" "phase:2,log,auditlog,id:200004,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" Rule returned 0. Hook insert_filter: Adding input forwarding filter (r 5541fc0). Hook insert_filter: Adding output filter (r 5541fc0). Initialising logging. Starting phase LOGGING. Recording persistent data took 0 microseconds. Audit log: Ignoring a non-relevant request. I can't see anything unusual in Fiddler. I'm using a ViewModel in the parameters of my action. No data is bound if SecRequestBodyAccess is set to On. I'm even logging all the Request.Form.Keys and values via log4net, but not getting any values there either. I'm starting to wonder if ModSecurity actually works with ASP.NET MVC or if there is some conflict with the ModSecurity http Module and the model binder kicking in. Does anyone have any suggestions or can anyone confirm they have ModSecurity working with an ASP.NET MVC website?

Read the article
Why Is ModSecurity Unable to Access the Data Directory?

- by tommytwoeyes

Update I think we've solved this; the problem appears to have been a result of the /modsec_storage directory having an incorrect value for its SELinux context type. However, we're still not sure, because although after I changed the SELinux context type value, Apache was able to create files in that directory for the global and ip collections (global.dir/global.pag and ip.dir/ip.pag), the new files still have zero bytes. I'm new to ModSecurity and am not sure if the files are empty because something is wrong with the configuration or if ModSecurity has simply determined it doesn't need to store IP addresses persistently after each transaction ends. Anyone able to offer guidance here? I've recently installed ModSecurity (v2.5.12 / CRS v2.0.8) on our production server, and everything works great, except for these errors that it keeps writing to the Apache error log: Failed to access DBM file "/modsec_storage/global": Permission denied [hostname "www.internationalstudent.com"] [uri "/includes/soc_bookmarks/images/delicious.png"] [unique_id "LZ6jc38AAAEAAFO6408AAABO"] Failed to access DBM file "/modsec_storage/ip": Permission denied [hostname "www.internationalstudent.com"] [uri "/includes/soc_bookmarks/images/delicious.png"] [unique_id "LZ6jc38AAAEAAFO6408AAABO"] After following the instructions for file permission settings in the ModSecurity handbook by Ivan Ristic, with no success, I created a /modsec_storage directory, set the owner & group to apache, and set the permissions for the directory recursively to 777. However, ModSecurity is still reporting the same permission errors, so I am stumped. Can anyone tell me how to fix this?

Read the article
modsecurity apache mod-security.conf missing

- by TechMedicNYC

Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

Read the article
mod_security: another rule with same ID

- by Ashish

I have installed httpd 2.2.15 on CentOS 6.5 (minimal installation with no cPanel) with modsecurity 2.8. When I am starting httpd I am getting this error: Starting httpd: Syntax error on line 23 of /etc/httpd/conf.d/modsecurity.conf: ModSecurity: Found another rule with the same id The line 23 is: "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" Please advise. Thx in advanced

Read the article
Necesity of ModSecurity if Apache is behind Nginx

- by Saif Bechan

I have my Apache installed behind Nginx. So every request that comes in is first handeled by Nginx. If there is dynamic content needed the request is send to Apache which listens on port 8080. Pretty basic reverse proxy setup. Now with this setup the first entry point is Nginx. Is it still needed to install ModSecurity to protect Apache against unwanted request. Or should I just focus on protecting Nginx as this is the first entry point. All suggestions are welcome.

Read the article
Detecting Request that uses invalid Encoding using Modsecurity

- by Ali Ahmad

I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e. <Location /index.php> SecDefaultAction phase:2,t:none,log,deny # Validate parameter names SecRule ARGS_NAMES "!^(articleid)$" \ "msg:'Unknown parameter: %{MATCHED_VAR_NAME}'" # Expecting articleid only once SecRule &ARGS:articleid "!@eq 1" \ "msg:'Parameter articleid seen more than once'" # Validate parameter articleid SecRule ARGS:articleid "!^[0-9]{1,10}$" \ "msg:'Invalid parameter articleid'" </Location> The problem is how can i reject requests that use invalid encoding as a global WAF configuration so that this patch cannot be circumvented.

Read the article
after enabling mod ssl apache stops listening on port 80

- by zensys

I have an ubuntu 12.04 server with zend server CE installed. I now wanted to enable https but after the first steps according to the documentation, 'a2enmod ssl' and 'apache service restart', apache does not listen on 443 but neither on 80, according to netstat -tap | grep http(s)! This is what I see in my error log, but I can't make much of it: [Fri May 25 19:52:39 2012] [notice] caught SIGTERM, shutting down [Fri May 25 19:52:41 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Fri May 25 19:52:41 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured. [Fri May 25 19:52:41 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6" [Fri May 25 19:52:41 2012] [warn] ModSecurity: Loaded APR do not match with compiled! [Fri May 25 19:52:41 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [Fri May 25 19:52:41 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Fri May 25 19:52:41 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Fri May 25 19:53:11 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured. [Fri May 25 19:53:11 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6" [Fri May 25 19:53:11 2012] [warn] ModSecurity: Loaded APR do not match with compiled! [Fri May 25 19:53:11 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [Fri May 25 19:53:11 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Fri May 25 19:53:11 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Fri May 25 19:53:12 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.8-ZS5.5.0 configured -- resuming normal operations and here is my httpd.conf: # Name based virtual hosting <virtualhost *:80> ServerName www-redirect KeepAlive Off RewriteEngine On RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] </virtualhost> Alias /shared/js "/home/web/library/js" Alias /shared/image "/home/web/library/image" <IfModule mod_expires.c> <FilesMatch "\.(jpe?g|png|gif|js|css|doc|rtf|xls|pdf)$"> ExpiresActive On ExpiresDefault "access plus 1 week" </FilesMatch> </IfModule> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn <Directory /> Options FollowSymLinks AllowOverride None Order allow,deny allow from all </Directory> <Location /> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ /index.php [NC,L] </Location> netstat -tap gives: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:mysql *:* LISTEN 765/mysqld tcp 0 0 *:pop3 *:* LISTEN 744/dovecot tcp 0 0 *:imap2 *:* LISTEN 744/dovecot tcp 0 0 *:http *:* LISTEN 19861/apache2 tcp 0 0 *:smtp *:* LISTEN 30365/master tcp 0 0 *:4444 *:* LISTEN 634/sshd tcp 0 0 *:kamanda *:* LISTEN 1167/lighttpd tcp 0 0 *:imaps *:* LISTEN 744/dovecot tcp 0 0 *:amandaidx *:* LISTEN 1167/lighttpd tcp 0 0 localhost.loc:amidxtape *:* LISTEN 19861/apache2 tcp 0 0 *:pop3s *:* LISTEN 744/dovecot tcp 0 384 mail.mysite.:4444 231.214.14.37.dyn:41909 ESTABLISHED 19039/sshd: web [pr tcp 0 0 localhost.localdo:mysql localhost.localdo:48252 ESTABLISHED 765/mysqld tcp 0 0 mail.mysite.:http 231.214.14.37.dyn:54686 TIME_WAIT - tcp 0 0 mail.mysite.:4444 231.214.14.37.dyn:42419 ESTABLISHED 19372/sshd: web [pr tcp 0 0 localhost.localdo:48252 localhost.localdo:mysql ESTABLISHED 19884/auth tcp 0 0 mail.mysite.:http 231.214.14.37.dyn:54685 TIME_WAIT - tcp6 0 0 [::]:pop3 [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:imap2 [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:smtp [::]:* LISTEN 30365/master tcp6 0 0 [::]:4444 [::]:* LISTEN 634/sshd tcp6 0 0 [::]:imaps [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN 744/dovecot Anyone knows what I am doing wrong? Perhaps I should take some additional steps to make apache listen 0n 443 but that it stops listening on 80 altogether I can't understand.

Read the article
How to debug modsecurity_audit_log

- by max87

I was accessing www.example.com/RestAPI/index.php/tweets.json in my server. The modsec_audit.log showed the following error, but there is no related errors/warnings in modsec_debug.log. I could see the Internal Server error is logged in example-error_log. How can I debug this Internal Server error? --8560e90b-A-- [21/Mar/2012:07:01:52 +0000] T2l84H8AAAEAAGxPZ@QAAAAG x.x.x.x 33101 x.x.x.x 80 --8560e90b-B-- GET /RestAPI/index.php/tweets.json HTTP/1.1 Host: www.example.com User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Cookie: __utma=159129855.1463065063.1331789485.1331789485.1331789485.1; __utmz=159129855.1331789485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 8cb6a414cf5ec1919864de0e80bea4da=0es7dcu0p10cocfpferb2lddi0; 8926e4f3c475bb6fcacb409299f1bd27=53cf8c5e6bf78ea45096945377e6d609 Connection: keep-alive Cache-Control: max-age=0 --8560e90b-F-- HTTP/1.0 500 Internal Server Error X-Powered-By: PHP/5.3.5 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --8560e90b-H-- Apache-Handler: php5-script Stopwatch: 1332313312358005 130428 (- - -) Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); core ruleset/2.0.5. Server: Apache --8560e90b-Z--

Read the article
mod_security2 and w00tw00t attacks

- by Saif Bechan

I have a server with apache and i recently installed mod_config2 because I get attacked a lot by this: My apache version is apache v 2.2.3 and i user mod_security2.c [Wed Mar 24 02:35:41 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:31 2010] [error] [client 202.75.211.90] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:49 2010] [error] [client 95.228.153.177] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:48:03 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) I tried configuring mod_security2 like this: SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind" SecFilterSelective REQUEST_URI "\w00tw00t.at.ISC.SANS" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:)" The thing in mod_security2 is that SecFilterSelective can not be used, it gives me erros. Instead i use a rule like this: SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind" SecRule REQUEST_URI "\w00tw00t.at.ISC.SANS" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:)" Even this does not work. I don't know what to do anymore. Anyone have any advice?

Read the article
What advantages does mod_evasive have over mod_security2 in terms of DDOS protection?

- by Martynas Sušinskas

Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already installed for overall protection, but the question is: is it worth adding mod_evasive besides mod_security just for the DDOS (does it have any major advantages) or the OWASP crs rules in the /experimental_rules/ directory (modsecurity_crs_11_dos_protection.conf) provide the same protection? Or it's just a matter of preference? The sites are not very high traffic normally. Thank you for your answers, Martynas

Read the article
How is this modsec rule getting triggered?

- by BipedalShark

I made a GET request to the URL, http://domain.tld/test/docs/index.php?create_table=1&step=2 and got a 403 response code. It turns out this modsec rule is getting triggered: Access denied with code 403 (phase 2). Pattern match "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" at ARGS:gltr_redir. [file "/opt/mod_security/10_asl_rules.conf"] [line "827"] [id "340153"] [rev "22"] [msg "Generic PHP code injection protection via ARGS 3"] [severity "CRITICAL"] I would assume ARGS refers to GET/POST data, but there's no gltr_redir in the query string. And, being a GET request, there's obviously no POST data. So how is this rule being triggered?

Read the article
Disable modsec2 blacklist rule for specific hostname

- by KevinL

I have a server running Apache2 with mod_security2. In modsec2.user.conf, there is a blacklist rule: ###BLACKLIST### SecRule REQUEST_URI "mkdir" I need to disable that rule for just one hostname on the server. I realize I could just remove it entirely but I'd rather keep it on for the other sites. I realize you can use the SecRuleRemoveByID directive, based on each rule's ID, but as you can see above, this has no ID, it's just a string. How do I disable that rule for just www.example.com, is there something I can do in custom.conf, whitelist.conf or exclude.conf ?

Read the article
Why does mod_security require an ACCEPT HTTP header field?

- by ripper234

After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

Read the article
Apache Never runs after configuring eAccelerator and FastCGI

- by Shoaibi

I recently configured accelerator and fastcgi with apache using: http://secure-ubuntu-server.blogspot.com/2009/07/howto-performance-tuning-of-lamp-and.html Now my Apache never starts. Logs shows: Mon Jul 20 16:12:24 2009] [notice] ModSecurity for Apache/2.5.6 (http://www.modsecurity.org/) configured. [Mon Jul 20 16:12:25 2009] [notice] FastCGI: process manager initialized (pid 10919) [Mon Jul 20 16:12:25 2009] [alert] FastCGI: read() from pipe failed (0) [Mon Jul 20 16:12:25 2009] [alert] FastCGI: the PM is shutting down, Apache seems to have disappeared - bye

Read the article
What is the difference between an Audit Log and a regular Log (In the context of mod_security)?

- by Josh

I am using mod_security: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.pdf What is the difference between and audit log (audit trail) and a normal log? I read on wikipedia that an audit log is a log of user activity, if this is the case what would you need another log for - is it for system based issues?

Read the article
Apache Mod SVN Access Forbidden

- by Cerin

How do you resolve the error svn: access to '/repos/!svn/vcc/default' forbidden? I recently upgraded a Fedora 13 server to 16, and now I'm trying to debug an access error with a Subversion server running on using Apache with mod_dav_svn. Running: svn ls http://myserver/repos/myproject/trunk Lists the correct files. But when I go to commit, I get the error: svn: access to '/repos/!svn/vcc/default' forbidden My Apache virtualhost for svn is: <VirtualHost *:80> ServerName svn.mydomain.com ServerAlias svn DocumentRoot "/var/www/html" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <Location /repos> Order allow,deny Allow from all DAV svn SVNPath /var/svn/repos SVNAutoversioning On # Authenticate with Kerberos AuthType Kerberos AuthName "Subversion Repository" KrbAuthRealms mydomain.com Krb5KeyTab /etc/httpd/conf/krb5.HTTP.keytab # Get people from LDAP AuthLDAPUrl ldap://ldap.mydomain.com/ou=people,dc=mydomain,dc=corp?uid # For any operations other than these, require an authenticated user. <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> </VirtualHost> What's causing this error? EDIT: In my /var/log/httpd/error_log I'm seeing a lot of these: [Fri Jun 22 13:22:51 2012] [error] [client 10.157.10.144] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=, XSS=): Method is not allowed by policy"] [hostname "svn.mydomain.com"] [uri "/repos/!svn/act/0510a2b7-9bbe-4f8c-b928-406f6ac38ff2"] [unique_id "T@Sp638DCAEBBCyGfioAAABK"] I'm not entirely sure how to read this, but I'm interpreting "Method is not allowed by policy" as meaning that there's some security Apache module that might be blocking access. How do I change this?

Read the article
CPANEL ModSec2 not working with SecFilterSelective

- by jfreak53

Ok, I have cPanel/WHM latest on a Dedi, here are my specs on apache: Server version: Apache/2.2.23 (Unix) Server built: Oct 13 2012 19:33:23 Cpanel::Easy::Apache v3.14.13 rev9999 I just ran a re-compile using easyapache as you can see by the date. When running it I made sure that ModSec was selected and it stated in big bold letters something to the effect of If you install Apache 2.2.x you get ModSec 2 So I believed it :) I recompiled, I then ran: grep -i release /home/cpeasyapache/src/modsecurity-apache_2.6.8/apache2/mod_security2.c Hmm, the file is there but grep doesn't output anything, if I run: grep -i release /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c I of course get the ModSec 1 version output. But the thing is that ModSec2 is installed since the c file is there. So I continued and put the following in modsec2.user.conf: SecFilterScanOutput On SecFilterSelective OUTPUT "text" Now when I restart Apache I get this error: Syntax error on line 1087 of /usr/local/apache/conf/modsec2.user.conf: Invalid command 'SecFilterScanOutput', perhaps misspelled or defined by a module not included in the server configuration Now supposedly this is supposed to work, I even have it running in ModSec2 on a non-cpanel server setup manually. So I know ModSec2 supports it. Anyone have any ideas? I have asked this question over at cpanel forum and it got nowhere.

Read the article
Can you rely on Nginx as your only webserver for php/mysql

- by Saif Bechan

Can you rely on Nginx to be your only webserver. I know in terms of performance it works well, but how does it do in terms of security. I know Apache is stable and has ModSecurity. This is not the case for Nginx. I am going to use Nginx as only webserver, and only for dynamic content. All my static content is delivered by a CDN.

Read the article
Mod_security Logging

- by Hekuran S. Doli

Im trying to run mod_security as standalone service with nginx as reverse proxy everything works fine except logging. Mod_security logs reverse proxys ip addres instead of clients ip address. I would appreciate if someone can help. The following is an example of logfile where mod_security is logging 127.0.0.1 instead of clients ip address. 2012/08/29 14:18:13 [info] 206862#0: [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match ...

Read the article
Server Security

- by mahatmanich

I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

Read the article
PCRE limits exceeded, but triggering rules are SQL related

- by Wolfe

[Mon Oct 15 17:12:13 2012] [error] [client xx.xx.xx.xx] ModSecurity: Rule 1d4ad30 [id "300014"][file "/usr/local/apache/conf/modsec2.user.conf"][line "349"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/admin.php"] [unique_id "UHx8LEUQwYEAAGutKkUAAAEQ"] And similar are spamming my error log for apache. It's only the admin side.. and only these two lines in the config: line 349: #Generic SQL sigs SecRule ARGS "(or.+1[[:space:]]*=[[:space:]]1|(or 1=1|'.+)--')" "id:300014,rev:1,severity:2,msg:'Generic SQL injection protection'" And line 356: SecRule ARGS "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)" Is there a way to fix this problem? Can someone explain what is going on or if these rules are even valid to cause this error? I know it's supposedly a recursion protection.. but these protect against SQL injection so I'm confused.

Read the article
Debian pure-ftpd, Restrict access

- by durduvakis

I am running Debian Wheezy, with ISPConfig 3, plus ModSecurity and I would like to restrict access to ftp to specific IP(s) globally (not to specific ftp users only), that can be either 127.0.0.1 or one I would manually add later. I would also like to completely disable ftp access from the web, but allow only from ftp-client software (if that is possible). The idea of closing firewall ports is not what I want. I know I can do this setting some firewall rule though, but that is not what I currently need. I have managed to do this for example on phpmyadmin inside it's .conf file, but unfortunately I cannot find any configuration to alter for pure-ftpd in my system. Restricting web-ftp access maybe possible by adding some rule in apache2 conf, but I am not sure how to write such a rule. Thanks to everyone that can help cheers

Read the article
Add "secure" in cookie by httpd server

- by Abhishek

How do I have to configure my httpd server to add "Secure" in the cookies? I tried the one in the below link, http://blog.modsecurity.org/2008/12/fixing-both-missing-httponly-and-secure-cookie-flags.html but this did not seem to be working. I inspected the cookie via firebug and found that the cookies have "HttpOnly" but not "Secure". I double checked the configurations and they the same as mentioned in the link. I also noticed that the server response time goes bit high when doing it by mod_security. Is there a better way to do it? Any ideas or pointers to configurations would be helpful

Read the article
Server Security

- by mahatmanich

I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

Read the article

Search Results

Search found 30 results on 2 pages for 'modsecurity'.

Page 1/2 | 1 2 | Next Page >

- by user146481

- by autonomatt

- by tommytwoeyes

- by TechMedicNYC

- by Ashish

- by Saif Bechan

- by Ali Ahmad

- by zensys

- by max87

- by Saif Bechan

- by Martynas Sušinskas

- by BipedalShark

- by KevinL

- by ripper234

- by Shoaibi

- by Josh

- by Cerin

- by jfreak53

- by Saif Bechan

- by Hekuran S. Doli

- by mahatmanich

- by Wolfe

- by durduvakis

- by Abhishek

- by mahatmanich

1 2 | Next Page >