'Re: [mod-security-users] Ignore certain URL's?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Ignore certain URL's?
From:       "Ryan Barnett" <Ryan.Barnett () Breach ! com>
Date:       2008-06-22 15:27:47
Message-ID: 50E6558DF2E9624DA8DADDE0C50184860159A1FE () midas ! utopiasystems ! net
[Download RAW message or body]

Can you please clarify your exact problem?  The subject line and the body of your message don't seem to be in sync.  

Do you want to NOT run the HRS rules for some specific URLs?  


Thanks,
Ryan C. Barnett 

----- Original Message -----
From: mod-security-users-bounces@lists.sourceforge.net <mod-security-users-bounces@lists.sourceforge.net>
To: mod-security-users@lists.sourceforge.net <mod-security-users@lists.sourceforge.net>
Sent: Fri Jun 20 13:23:36 2008
Subject: [mod-security-users] Ignore certain URL's?

Greetings,
	We are currently trying to configure a test instance of mod_security so 
that it does not block for _certain_ http response splitting attacks. 
How can this be done?

Regards,
	Adriel T. Desautels
	Chief Technology Officer
	Netragard, LLC.
	Office : 617-934-0269
	Mobile : 617-633-3821
	http://www.linkedin.com/pub/1/118/a45

	Join the Netragard, LLC. Linked In Group:
	http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Joe Keegan wrote:
> I just double checked on our QA environment, which mod_security is 
> install and we don't have mod_unique_id. It's on our production and I 
> just assumed it was in QA.
> 
>  
> 
> Sorry to waste everyone's time.
> 
>  
> 
> Thanks,
> 
>  
> 
> Joe
> 
>  
> 
> *From:* Ryan Barnett [mailto:Ryan.Barnett@Breach.com]
> *Sent:* Thursday, June 19, 2008 12:27 PM
> *To:* Joe Keegan; mod-security-users@lists.sourceforge.net
> *Subject:* RE: [mod-security-users] mod_security 2.5.5 not working after 
> install
> 
>  
> 
> Joe,
> 
> What does the error_log say when you start up apache and then when you 
> send your requests?
> 
>  
> 
> This may or may not be related but another user recently was posting 
> with similar issues and he responded to me and said that his problem was 
> that he didn't have mod_unique_id installed.  Once he added it back in 
> everything worked fine.  Can you confirm if you have that installed?
> 
>  
> 
> -- 
> */Ryan C. Barnett
> /*ModSecurity Community Manager
> 
> Breach Security: Director of Application Security
> 
> Web Application Security Consortium (WASC) Member
> 
> CIS Apache Benchmark Project Lead
> 
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> 
> Author: Preventing Web Attacks with Apache
> 
>  
> 
> ------------------------------------------------------------------------
> 
> *From:* mod-security-users-bounces@lists.sourceforge.net 
> [mailto:mod-security-users-bounces@lists.sourceforge.net] *On Behalf Of 
> *Joe Keegan
> *Sent:* Thursday, June 19, 2008 3:19 PM
> *To:* mod-security-users@lists.sourceforge.net
> *Subject:* [mod-security-users] mod_security 2.5.5 not working after install
> 
>  
> 
> I've followed the directions to install mod_security and the core rules, 
> but I must have missed something since it's not working. When trying to 
> tiger mod_security in testing  I tried "curl http://site.com/cmd.exe" 
> and "curl –A ‘paros' http://site.com" expecting something to get an 
> entry in the modsec_audit.log, but it's empty.
> 
>  
> 
> I've look through the archives a bit, but couldn't find anything too 
> useful, but hopefully I've provided the information  below that will be 
> helpful in troubleshooting this. I plan to up the SecDebugLogLevel to 9 
> to see if anything shows up, but I can't take down the web server for 
> testing till later. Any other suggestions would be awesome.
> 
>  
> 
> Thanks in advance for anyone who can help me troubleshoot.
> 
>  
> 
> -- System and file info –
> 
>  
> 
> # httpd -v
> 
> Server version: Apache/2.0.52
> 
> Server built:   Jan  5 2006 12:31:31
> 
> # uname -a
> 
> Linux saddleback.aravo.network 2.6.9-34.ELsmp #1 SMP Wed Mar 8 00:27:03 
> CST 2006 i686 i686 i386 GNU/Linux
> 
> # cat /etc/redhat-release
> 
> CentOS release 4.3 (Final)
> 
> # ls -l /usr/lib/libxml2*
> 
> -rw-r--r--  1 root root 1203320 Jan 14 04:01 /usr/lib/libxml2.a
> 
> -rwxr-xr-x  1 root root     801 Jan 14 04:00 /usr/lib/libxml2.la
> 
> lrwxrwxrwx  1 root root      17 Jun 18 19:04 /usr/lib/libxml2.so -> 
> libxml2.so.2.6.16
> 
> lrwxrwxrwx  1 root root      17 Jun 18 18:17 /usr/lib/libxml2.so.2 -> 
> libxml2.so.2.6.16
> 
> -rwxr-xr-x  1 root root  965920 Jan 14 04:01 /usr/lib/libxml2.so.2.6.16
> 
> # ls -l /usr/lib/liblua*
> 
> -rwxr-xr-x  1 root root 196832 Feb  1 05:26 /usr/lib/liblua5.1.a
> 
> -rwxr-xr-x  1 root root 156261 Feb  1 05:26 /usr/lib/liblua5.1.so
> 
>  
> 
> -- Apache config info --
> 
> # grep -i security /etc/httpd/conf/httpd.conf | grep -v \#
> 
> LoadModule security2_module modules/mod_security2.so
> 
> Include conf/modsecurity/*.conf
> 
> # grep LoadFile /etc/httpd/conf/httpd.conf
> 
> LoadFile /usr/lib/libxml2.so.2
> 
> LoadFile /usr/lib/liblua5.1.so
> 
>  
> 
> -- ModSecurity Conf --
> 
> # grep SecRuleEngine 
> /etc/httpd/conf/modsecurity/modsecurity_crs_10_config.conf
> 
> SecRuleEngine On
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic