'Re: [mod-security-users] Issue facing while configuring SSL inModsecurity'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Issue facing while configuring SSL inModsecurity
From:       Christian Folini <christian.folini () netnea ! com>
Date:       2016-06-23 10:41:57
Message-ID: 20160623104157.GA21168 () elias
[Download RAW message or body]

Gyana,

Am I getting you right:

- You connect via an Apache/ModSec RP to your tomcat server
- Connection basically works BUT
  - ModSec throws an error with regards to SecDataDir
  - Tomcat throws a java stack trace

I might be might be mistaken, but outside of the non-lethal
ModSec error, your Apache setup works and ModSec lets you
access Tomcat. Tomcat has a serious problem, though.

Usually, this is not related to the setup behind an Apache RP,
but you are connection to Apache via https and then to Tomcat
via http. So at least theoretically, this might be the reason
for the hiccup.

But whatever, the reason, this is the wrong place for Java/Tomcat
problems. Not because we do not want to help you, but because we
lack the expertise.

All things considered, if you see a backend error message when
you connect via an Apache RP, then the Apache RP basically works.

Good luck!

Christian



On Thu, Jun 23, 2016 at 03:45:22PM +0530, Gyana Ranjan Panigrahi wrote:
> Christian,
> 
> Yes i defined the SecDataDir.Still i am getting the same issue.
> 
> *Any clues for the same or do i need some more configuration which are
> required to work with SSL.*
> 
> 
> *Thanks n Regards*
> *Gyana*
> 
> On Thu, Jun 23, 2016 at 3:09 PM, Christian Folini <
> christian.folini@netnea.com> wrote:
> 
> > [image: Boxbe] <https://www.boxbe.com/overview> This message is eligible
> > for Automatic Cleanup! (christian.folini@netnea.com) Add cleanup rule
> > <https://www.boxbe.com/popup?url=https%3A%2F%2Fwww.boxbe.com%2Fcleanup%3Fkey%3DXZd \
> > lRQogkqffVZVL1OkoYdEu0b2oFOrdXTpyoMMbrDQ%253D%26token%3DuXiz8r6hlAszUzBoQzdkTZ4hBk \
> > 8TOd0txK3ZBAqyVnI0%252FMQN6A035Uh3G2p%252FolMry2n%252FuC2ag8qhbl2DnXRRIXdyHTy9TfL8 \
> > RUx4GZntBhA4BzbqKkV4cRnfi1FDAGRacTMNZDWWtGvQ0dceA5hKaA%253D%253D&tc_serial=2586420 \
> > 9944&tc_rand=454500691&utm_source=stf&utm_medium=email&utm_campaign=ANNO_CLEANUP_ADD&utm_content=001>
> >  | More info
> > <http://blog.boxbe.com/general/boxbe-automatic-cleanup?tc_serial=25864209944&tc_ra \
> > nd=454500691&utm_source=stf&utm_medium=email&utm_campaign=ANNO_CLEANUP_ADD&utm_content=001>
> >  
> > Gyana,
> > 
> > On Wed, Jun 22, 2016 at 08:45:42PM +0530, Gyana Ranjan Panigrahi wrote:
> > > ...
> > > error mesage in the error.log file  which
> > > says *ModSecurity:
> > > collection_retrieve_ex: Unable to retrieve collection (name "ip", key
> > > "10.134.13.194_ab775803b8ef89f18d921d5e20910c1a29cead08"). Use SecDataDir
> > > to define data directory first. [hostname "pangy01-w2k8vm2"].*
> > 
> > So, did you "Use SecDataDir to define data directory first"?
> > Because that seems to be the advice the error message is giving you.
> > 
> > To add a bit of background:
> > 
> > SecDataDir has to be defined, so ModSecurity can store its persistent
> > data.
> > 
> > The ModSecurity packages is distributed with a file named
> > modsecurity.conf-recommended
> > 
> > In this file, SecDataDir is defined as
> > SecDataDir /tmp/
> > 
> > /tmp is probably not the best location, but it's definitely functional
> > and enough to get rid of your problem.
> > 
> > It is also worth noting, that SecDataDir does not have a default value.
> > So either you define it, or your installation is broken. Hence the
> > error message above.
> > 
> > Best,
> > 
> > Christian
> > 
> > --
> > ModSecurity Training in London: Sep 22/23, 2016
> > https://www.feistyduck.com/training/modsecurity-training-course
> > mailto:christian.folini@netnea.com
> > twitter: @ChrFolini
> > 
> > 
> > ------------------------------------------------------------------------------
> > Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> > Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> > present their vision of the future. This family event has something for
> > everyone, including kids. Get more information and register today.
> > http://sdm.link/attshape
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
> > 
> > 
> 
> 
> -- 
> 
> *Best & RegardsGyana Ranjan Panigrahi*

> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape

> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/


-- 
ModSecurity Training in London: Sep 22/23, 2016
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.folini@netnea.com
twitter: @ChrFolini

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic