[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: Re: [mod-security-users] mod-security-users Digest, Vol 99, Issue 11
From: "Sandeep Kale (GRP00 - GROTH)" <Sandeep.SKale () igate ! com>
Date: 2014-08-05 13:11:37
Message-ID: 1407244479476.64346 () igate ! com
[Download RAW message or body]
Hi Felipe,
By default SecStreamInBodyInspection parameter was not present in the \
modsecurity.conf that I had on my server.
I tried adding and setting SecStreamInBodyInspection to On and it worked for me. I \
have also added the below parameters,
SecStreamOutBodyInspection On
SecStreamInBodyInspection On
SecContentInjection On
Thanks a lot !
Regards,
Sandeep Kale.
________________________________________
From: mod-security-users-request@lists.sourceforge.net \
<mod-security-users-request@lists.sourceforge.net>
Sent: Tuesday, August 5, 2014 4:24 AM
To: mod-security-users@lists.sourceforge.net
Subject: mod-security-users Digest, Vol 99, Issue 11
Send mod-security-users mailing list submissions to
mod-security-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/mod-security-users
or, via email, send a message with subject or body 'help' to
mod-security-users-request@lists.sourceforge.net
You can reach the person managing the list at
mod-security-users-owner@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of mod-security-users digest..."
Today's Topics:
1. Re: IIS modSecurity Problem (Sandeep Kale (GRP00 - GROTH))
2. domain names with specific prefix (Ehsan Mahdavi)
3. Re: domain names with specific prefix (Suresh Prajapati)
4. Re: domain names with specific prefix (Ehsan Mahdavi)
----------------------------------------------------------------------
Message: 1
Date: Tue, 5 Aug 2014 06:03:18 +0000
From: "Sandeep Kale (GRP00 - GROTH)" <Sandeep.SKale@igate.com>
Subject: Re: [mod-security-users] IIS modSecurity Problem
To: "mod-security-users@lists.sourceforge.net"
<mod-security-users@lists.sourceforge.net>
Cc: "Abhishek Tripathi \(GE\)" <Abhishek.Tripathi@igate.com>
Message-ID: <1407218597583.34816@igate.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Felipe,
My configurations are almost same as the defaults settings. Below are my findings.
Do you have SecRequestBodyAccess \
(https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRequestBodyAccess)
enabled or disabled?
Sandeep : Yes, This is enabled.
Dynamic compression is enabled in your server?.
Sandeep : I will check on this. Should I enable it if not ?
Do you have another IIS module installed in this very same server?
Sandeep : nope. I have only one website on this server. I have urlscan installed on \
this IIS.
Can you set SecStreamInBodyInspection to On and check if the problem persists?
(More information here: https://github.com/SpiderLabs/ModSecurity/issues/562)
Sandeep : I will check on this and give a try.
Thanks for your attention into this issue.
Regards,
Sandeep Kale.
?
________________________________
From: Sandeep Kale (GRP00 - GROTH)
Sent: Monday, August 4, 2014 11:05 AM
To: mod-security-users@lists.sourceforge.net
Cc: Abhishek Tripathi (GE)
Subject: RE: IIS modSecurity Problem
Hi ,
I have observed that when application uses GET method then it works fine but when we \
use POST method then we see that modSecurity is blocking the requests with default \
settings.
Is there any configuration settings to allow POST resquests as well or am I missing \
anything else ?
Regards,
Sandeep Kale.
________________________________
From: Sandeep Kale (GRP00 - GROTH)
Sent: Monday, August 4, 2014 5:07 AM
To: mod-security-users@lists.sourceforge.net
Cc: Abhishek Tripathi (GE)
Subject: IIS modSecurity Problem
Hi,
I have installed modSecurity 2.8.0 for IIS 7.5 on Windows Server? 2008 R2 server. We \
have CGI based web application running on this IIS.
After installtion we see that modSecurity is blocking all the request to web-server. \
The debug and Audit logs are enabled and we do not see much information as to why the \
requests are blocked.
I tried to intercept the request in burp suit and do not see the actual request sent \
to server. Hence it looks like the complete request is blocked.
Is there any configuration parameter to log everything that modSecurity is doing ?
Regards,
Sandeep Kale.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Disclaimer~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information contained and transmitted by this e-mail is confidential and proprietary \
to IGATE and its affiliates and is intended for use only by the recipient. If you are \
not the intended recipient, you are hereby notified that any dissemination, \
distribution, copying or use of this e-mail is strictly prohibited and you are \
requested to delete this e-mail immediately and notify the originator or \
mailadmin@igate.com <mailto:mailadmin@igate.com>. IGATE does not enter into any \
agreement with any party by e-mail. Any views expressed by an individual do not \
necessarily reflect the view of IGATE. IGATE is not responsible for the consequences \
of any actions taken on the basis of information provided, through this email. The \
contents of an attachment to this e-mail may contain software viruses, which could \
damage your own computer system. While IGATE has taken every reasonable precaution to \
minimise this risk, we cannot accept liability for any damage which you sustain as a \
result of software viruses. You should carry out your own virus checks before opening \
an attachment. To know more about IGATE please visit www.igate.com \
<http://www.igate.com>. \
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 2
Date: Tue, 5 Aug 2014 13:16:04 +0430
From: Ehsan Mahdavi <ehsan.mahdavi@gmail.com>
Subject: [mod-security-users] domain names with specific prefix
To: mod-security-users@lists.sourceforge.net
Message-ID:
<CAC7V=mz-xUk_L=LqeU-YbURPOasmERgS0CdeohfDuy48atKGjw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Greetings,
I am trying to protect a large domain containing many sub-domains all with
a specific post-fix on their names, e.g. site1.domain.com , site2.domain.com,
.... , siten.domain.com .
I am wondering if I can configure a reverse proxy so modsecurity will
protect something like *.domain.com?
P.S. I'm Using mod-security with apache.
P.S. Different domain names have different IP addresses.
--
regards
Ehsan.Mahdavi
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 3
Date: Tue, 5 Aug 2014 14:36:38 +0530
From: Suresh Prajapati <suresh.prajapati@bankbazaar.com>
Subject: Re: [mod-security-users] domain names with specific prefix
To: mod-security-users@lists.sourceforge.net
Message-ID:
<CA+g953MWPErYG56SYOzEti+2gs=YxUSssHSdz2Z6-kZPaAMx1w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Ehan,
If using Apache it will protect each virtualhost on the server. If you want
disable any virtual host from monitoring just include SecRuleenging off.
Regards,
Suresh
On Tue, Aug 5, 2014 at 2:16 PM, Ehsan Mahdavi <ehsan.mahdavi@gmail.com>
wrote:
> Greetings,
>
> I am trying to protect a large domain containing many sub-domains all with
> a specific post-fix on their names, e.g. site1.domain.com ,
> site2.domain.com, .... , siten.domain.com .
>
> I am wondering if I can configure a reverse proxy so modsecurity will
> protect something like *.domain.com?
>
> P.S. I'm Using mod-security with apache.
> P.S. Different domain names have different IP addresses.
>
> --
> regards
> Ehsan.Mahdavi
>
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>
--
Thanks,
Suresh
Information Security Analyst
suresh.prajapati@bankbazaar.com
Mobile: +91 8884199479
DISCLAIMER:
Information contained and transmitted by this email including any
attachment is proprietary to BankBazaar.com and is intended solely for the
addressee/s, and may contain information that is privileged, confidential
or exempt from disclosure under applicable law. Access to this e-mail
and/or to the attachment by anyone else is unauthorized. If this is a
forwarded message, the content and the views expressed in this email may
not reflect those of BankBazaar.com. If you are not the intended recipient,
an agent of the intended recipient or a person responsible for delivering
the information to the named recipient, you are notified that any use,
distribution, transmission, printing, copying or dissemination of this
information in any way or in any manner is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 4
Date: Tue, 5 Aug 2014 13:54:37 +0430
From: Ehsan Mahdavi <ehsan.mahdavi@gmail.com>
Subject: Re: [mod-security-users] domain names with specific prefix
To: mod-security-users@lists.sourceforge.net
Message-ID:
<CAC7V=mwy=QEe3fhZ+LzLD=i2NYpCDh_+hh_AE+=A+Zwy_qcOSA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
What do you mean?
Do you mean that I must define a virtual host per domain name?
If yes, this is the common solution, and I was asking for something like a
virtual host(just one virtual host) which can support all domain names.
e.g. *.domain.com
On Tue, Aug 5, 2014 at 1:36 PM, Suresh Prajapati <
suresh.prajapati@bankbazaar.com> wrote:
> Ehan,
>
> If using Apache it will protect each virtualhost on the server. If you
> want disable any virtual host from monitoring just include SecRuleenging
> off.
>
> Regards,
> Suresh
>
>
> On Tue, Aug 5, 2014 at 2:16 PM, Ehsan Mahdavi <ehsan.mahdavi@gmail.com>
> wrote:
>
> > Greetings,
> >
> > I am trying to protect a large domain containing many sub-domains all
> > with a specific post-fix on their names, e.g. site1.domain.com ,
> > site2.domain.com, .... , siten.domain.com .
> >
> > I am wondering if I can configure a reverse proxy so modsecurity will
> > protect something like *.domain.com?
> >
> > P.S. I'm Using mod-security with apache.
> > P.S. Different domain names have different IP addresses.
> >
> > --
> > regards
> > Ehsan.Mahdavi
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Infragistics Professional
> > Build stunning WinForms apps today!
> > Reboot your WinForms applications with our WinForms controls.
> > Build a bridge from your legacy apps to the future.
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
> >
> >
>
>
> --
> Thanks,
> Suresh
> Information Security Analyst
> suresh.prajapati@bankbazaar.com
> Mobile: +91 8884199479
> DISCLAIMER:
> Information contained and transmitted by this email including any
> attachment is proprietary to BankBazaar.com and is intended solely for the
> addressee/s, and may contain information that is privileged, confidential
> or exempt from disclosure under applicable law. Access to this e-mail
> and/or to the attachment by anyone else is unauthorized. If this is a
> forwarded message, the content and the views expressed in this email may
> not reflect those of BankBazaar.com. If you are not the intended recipient,
> an agent of the intended recipient or a person responsible for delivering
> the information to the named recipient, you are notified that any use,
> distribution, transmission, printing, copying or dissemination of this
> information in any way or in any manner is strictly prohibited.
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>
--
regards
Ehsan.Mahdavi
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
End of mod-security-users Digest, Vol 99, Issue 11
**************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Disclaimer~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information contained and transmitted by this e-mail is confidential and proprietary \
to IGATE and its affiliates and is intended for use only by the recipient. If you are \
not the intended recipient, you are hereby notified that any dissemination, \
distribution, copying or use of this e-mail is strictly prohibited and you are \
requested to delete this e-mail immediately and notify the originator or \
mailadmin@igate.com <mailto:mailadmin@igate.com>. IGATE does not enter into any \
agreement with any party by e-mail. Any views expressed by an individual do not \
necessarily reflect the view of IGATE. IGATE is not responsible for the consequences \
of any actions taken on the basis of information provided, through this email. The \
contents of an attachment to this e-mail may contain software viruses, which could \
damage your own computer system. While IGATE has taken every reasonable precaution to \
minimise this risk, we cannot accept liability for any damage which you sustain as a \
result of software viruses. You should carry out your own virus checks before opening \
an attachment. To know more about IGATE please visit www.igate.com \
<http://www.igate.com>. \
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic