Threaded Mode | Linear Mode

hxbro · 04-22-2008 01:57 AM

You'll have to do a lot of tweaking with the gotroot rules, you'll need to monitor daily your mod security log to see what's been blocked, and tweak the rules to make them work.

hYemac · 05-03-2008 11:08 AM

having issues .. system debian..

checking for strstr... yes
checking for strtol... yes
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/bin/apxs
configure: checking httpd version
configure: error: apache is too old
./configure: line 5051: exit: mmn: numeric argument required
./configure: line 5051: exit: mmn: numeric argument required

does are the inputs on

./configure && make && make install

thank you..

hxbro · 05-03-2008 11:02 PM

apache is out of date, you should be running 2.x at least I think, preferably 2.2.x

What version of debian and apache are you running?

Do you update your system regularly using :

apt-get update && apt-get upgrade

?

Quemeros · 05-08-2008 10:45 AM

I finish install mod_security but... now Apache reports that it are: "Apache/2.2.0 (Fedora) mod_fastcgi/2.4.2"... but the server si (like my signature say) a Debian Etch 2.2.4 :S (last remember)... it is normal :S?

~~mafia~~ · 05-10-2008 04:09 AM

bonjour

je viens install le mod security

voila erreur

ebian:/tmp# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)...apache2: Syntax error on line 195 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/conf.d/mod-security2.conf: Include takes one argument, Name of the config file to be included
failed!
debian:/tmp#

/etc/apache2/conf.d/mod-security2.conf
include /etc/modsecurity2 /*. conf

merci

**Zothos** · 05-10-2008 04:52 AM

include /etc/modsecurity2 /*. conf -> include /etc/modsecurity2/*. conf

~~mafia~~ · 05-10-2008 06:25 PM

je fait quoi j ai pas compris merci

greatman · 05-12-2008 02:15 AM

ton include est mal fait il doit etre comme sa: include /etc/modsecurity/*.conf

P.S: T'aura plus de chance dans le forum fr que dans le english Tongue

fulltilt · 05-12-2008 08:41 PM

i need to exclude a rule in useragents.conf for a cron script:

Code:

#Blocks scripts

SecRule HTTP_User-Agent lwp

but this rule have no ID - how can i set this in exclude.conf ...
Can i use "lwp" instead of a ID Number here?

Code:

#cron

<LocationMatch "/cron_jobs/main_cron.php">

  SecRuleRemoveById lwp

</LocationMatch>

tassoman · 06-03-2008 05:30 AM

how to test if rules are working flawless?

Threaded Mode \| Linear Mode [HowTo] Mod Security on debian
Author	Message