css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 11:46 am
by mms93003
Just starting with ASL-Lite on an existing site and trying to figure out some of the glitches. It looks like sometimes the pages are loading without the css but not all the time. Has anyone seen this before? I see no error in the logs.

Re: css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 2:41 pm
by mikeshinn
What do you see in your audit_log?

Re: css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 3:11 pm
by mms93003
There is nothing that would indicate an error at:
/etc/httpd/logs/audit_log
or
/var/asl/data/audit/20110314

Re: css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 3:36 pm
by mikeshinn
So no events; if so, then modsecurity isn't blocking anything and isn't the cause. That's assuming your system is logging modsec events. Just to be sure, do a quick test to see if it's logged:

wget http://localhost/foo.php?foo=http://www ... e.com/test

And see if you get an audit event for that.

What rules do you have loaded?

Re: css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 5:50 pm
by mms93003
Yes, the system is logging modsec events.
It seems like the css not loading and now also blank php pages happen when our IP is whitelisted.
I'm using the default rules.

Re: css not loading - ASL-Lite

Posted: Mon Mar 14, 2011 8:30 pm
by mikeshinn
OK, so logging is set up right. What web server are you using?

If you are using Apache, and the modsecurity rules aren't logging anything, then they aren't blocking anything. If you are using Litespeed, see this article:

https://www.atomicorp.com/wiki/index.php/Litespeed

If you are using Apache, are you using the redaction rules by any chance? Anything with the names:

99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

If you aren't using ASL, then don't load those. You need ASL for those rules to work.

If you don't have any of the redactor rules loaded, and you don't see modsecurity blocking anything, then you can rule out the rules as the cause.
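
One way to run the check suggested above, as an added example that is not part of the original posts or of Atomicorp's tooling: a shell function that lists every active Apache `Include`/`IncludeOptional` directive resolving to one of the three redactor files, including wildcard and directory includes. The function name, the default ServerRoot of /etc/httpd and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report Apache Include directives that would load the ASL
# redactor rule files named in this thread. All paths are assumptions.
#
# Usage: find_redactor_includes CONF_DIR [SERVER_ROOT]
#   e.g. find_redactor_includes /etc/httpd/conf.d /etc/httpd
# Prints "config_file: rule_file" per hit; returns 0 if any hit, 1 if none.
find_redactor_includes() {
    conf_dir=$1
    server_root=${2:-/etc/httpd}
    found=1
    # Active (uncommented) Include lines, as "file:directive target".
    matches=$(grep -rHEi '^[[:space:]]*Include(Optional)?[[:space:]]+' \
        "$conf_dir" 2>/dev/null || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        src=${line%%:*}
        target=$(printf '%s\n' "${line#*:}" | awk '{print $2}' | tr -d '"')
        # Relative include paths are resolved against ServerRoot.
        case $target in
            /*) ;;
            *) target=$server_root/$target ;;
        esac
        # Including a directory loads the files inside it.
        if [ -d "$target" ]; then target="$target/*"; fi
        # Unquoted on purpose: let the shell expand the wildcard.
        for path in $target; do
            case ${path##*/} in
                99_asl_a_redactor.conf|99_asl_redactor.conf|99_asl_redactor_post.conf)
                    if [ -f "$path" ]; then
                        echo "$src: $path"
                        found=0
                    fi ;;
            esac
        done
    done <<EOF
$matches
EOF
    return $found
}
```

A wildcard such as `Include /var/asl/rules/modsec/*.conf` is reported because the redactor files sit in that directory, even though the directive never names them.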

Re: css not loading - ASL-Lite

Posted: Tue Mar 15, 2011 11:16 am
by mms93003
I'm using Apache and yes logging is set up and working.

In /etc/asl/config I have this:
MODSEC_99_REDACTOR="yes"
Does this mean I'm using the redaction rules?

There are no redaction rules in /etc/httpd/modsecurity.d.

In /var/asl/rules/modsec I have:
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

Should I get rid of them if I'm just using ASL-Lite?

Re: css not loading - ASL-Lite

Posted: Tue Mar 15, 2011 12:03 pm
by mikeshinn
I believe you are using cpanel (correct me if I'm wrong); if so, just make sure that your cpanel apache configs are not loading the redactor rules. You can ignore them being anywhere else; ASL-Lite will still download them.

But they shouldn't be loaded by default, so it's extremely unlikely this is your issue. So have you tried disabling mod_security to see if that is in fact the source of your issue?

Re: css not loading - ASL-Lite

Posted: Tue Mar 15, 2011 2:21 pm
by mms93003
I'm not using cpanel.
The pattern seems to be that when our IP is whitelisted pages sometimes load strangely or sometimes not at all with no message in the logs (on normal pages like index.php, not on urls that might get caught by the rules). If I take our IP out of the whitelist and restart apache the pages load as expected again.

Re: css not loading - ASL-Lite

Posted: Tue Mar 15, 2011 2:58 pm
by mikeshinn
Hmmm, so if it's whitelisting, then it's not the rules. Sounds like something else, maybe an issue with a module or build or library. As you aren't using ASL, what version of mod_security are you using?

Are you using some other module that might be blocking something, like suhosin, mod_evasive, etc?

And what do you see when you put mod_security into debug mode?

Also, are you triggering some rules that are requiring you to whitelist those systems?

Re: css not loading - ASL-Lite

Posted: Wed Mar 16, 2011 8:55 am
by scott
Are you using mod_security from the atomic channel? Or did you roll your own?

Re: css not loading - ASL-Lite

Posted: Thu Mar 17, 2011 11:14 am
by mms93003
Scott, yes I am using mod_security from atomic channel.

Re: css not loading - ASL-Lite

Posted: Thu Mar 17, 2011 11:21 am
by mms93003
MikeShinn,
Looks like in /etc/asl/VERSION I have the line MODSEC_VERSION=201103161326
I'm not using any other modules like suhosin or mod_evasive that might be blocking something.
I'm not sure how to put mod_security into debug mode.
Yes, I was trying to whitelist because one of our applications used only by internal users is tripping some rules. I'm trying to figure out if it is a false positive or if it is sloppy coding.

Re: css not loading - ASL-Lite

Posted: Thu Mar 17, 2011 12:50 pm
by mikeshinn
OK, since you aren't using ASL, is it safe to assume you set up your own modsecurity configuration? If you did, did you follow the instructions at the link below to configure it:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Is your configuration exactly as described on that page? If not, what is changed?

Are you using any other rules?

Have you modified any of the rules?

modsecurity will always log anything it does, so if it's not logging anything, something is either wrong with its configuration, or something else is causing your 404s.

And make sure you are checking /var/log/http/audit_log, the Apache error_log is of no help.