Page 1 of 1
Directory index forbidden
Posted: Wed Apr 28, 2010 7:36 am
by everclear
Is it possible to tell mod_security not to log errors direct from Apache. I see client sites that have issues cause the following error..
Code: Select all
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.3/modules/generators/mod_autoindex.c"] [line 2274] [level 3] Directory index forbidden by Options directive: /path/to/dir/, referer: http://www.example.com/referer
Apache-Handler: httpd/unix-directory
These aren't really security issues and produce a lot of logging, especially in the Z section. Any advice appreciated.
Re: Directory index forbidden
Posted: Wed Apr 28, 2010 10:02 am
by scott
In ASL these are classified as level 5 alerts and dont show up by default
Re: Directory index forbidden
Posted: Thu Apr 29, 2010 8:21 am
by everclear
AH. I guess I should take from your answer, that there is no way to stop it being logged.
Re: Directory index forbidden
Posted: Thu Apr 29, 2010 8:35 am
by faris
Yeah, our report emails are nearly 300Kb each, once per hour per machine, due to ossec logging everything. It is a PITA.
I understand that this issue is not going to happen in 2.2.6 though - I can't wait for it to come out
It is in -testing if you want to have a go now.
Faris.
Re: Directory index forbidden
Posted: Thu Apr 29, 2010 8:37 am
by biggles
Sorry for asking what might be a stupid question, but but isn't there a rule number indicating which rule is being triggered? What about disabling/modifying that rule?
Re: Directory index forbidden
Posted: Thu Apr 29, 2010 9:17 am
by scott
No because its not coming from mod_security, its just a general apache error code (401 auth denied, 403 from a directory index forbidden, etc)
Re: Directory index forbidden
Posted: Mon Jun 28, 2010 10:02 pm
by aus-city
Set up a script using sed to remove them from the logs