css not loading - ASL-Lite

mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

css not loading - ASL-Lite

Unread post by mms93003 »

Just starting with ASL-Lite on an existing site and trying to figure out some of the glitches. It looks like sometimes the pages are loading without the css but not all the time. Has anyone seen this before? I see no error in the logs.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

What do you see in your audit_log?
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

There is nothing that would indicate an error at:
/etc/httpd/logs/audit_log
or
/var/asl/data/audit/20110314
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

So no events, if so then modsecurity isnt blocking anything and isnt the cause. Thats assuming your system is logging modsec events, just to be sure, do a quick test to see if its logged:

wget http://localhost/foo.php?foo=http://www ... e.com/test

And see if you get an audit event for that.

What rules do you have loaded?
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

Yes, the system is logging modsec events.
It seems like the css not loading and now also blank php pages happen when our IP is whitelisted.
I'm using the default rules.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

OK, so logging is setup right. What web server are you using?

If you are using Apache, and the modsecurity rules arent logging anything then they arent blocking anything. If you are using Litespeed, see this article:

https://www.atomicorp.com/wiki/index.php/Litespeed

If you are using Apache, are you using the redaction rules by any chance? Anything with the names:

99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

If you aren't using ASL, then dont load those. Your need ASL for those rules to work.

If you dont have any of the redactor rules loaded, and you dont see modsecurity blocking anything then you can rule out the rules as the cause.
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

I'm using Apache and yes logging is set up and working.

In /etc/asl/config I have this:
MODSEC_99_REDACTOR="yes"
Does this mean I'm using the redaction rules?

There are no redaction rules in /etc/httpd/modsecurity.d.

In /var/asl/rules/modsec I have:
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf

Should I get rid of them if I'm just using ASL-Lite?
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

I believe you are using cpanel (correct me if I'm wrong), if so just make sure that your cpanel apache configs are not loading the redactor rules. You can ignore them being anywhere else, ASL-Lite will still download them.

But they shouldnt be loaded by default, so its extremely unlikely this is your issue. So have you tried disabling mod_security to see if that is in fact the source of your issue?
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

I'm not using cpanel.
The pattern seems to be that when our IP is whitelisted pages sometimes load strangely or sometimes not at all with no message in the logs (on normal pages like index.php, not on urls that might get caught by the rules). If I take our IP out of the whitelist and restart apache the pages load as expected again.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

Hmmm, so if its whitelisting, then its not the rules. Sounds like something else, maybe an issue with a module or build or library. As you aren't using ASL, what version of mod_security are you using?

Are you using some other module that might be blocking something, like suhosin, mod_evasive, etc?

And what do you see when you put mod_security into debug mode?

Also, are you triggering some rules that is requiring you to whitelist those systems?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: css not loading - ASL-Lite

Unread post by scott »

Are you using mod_security from the atomic channel? Or did you roll your own?
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

Scott, yes I am using mod_security from atomic channel.
mms93003
Forum User
Forum User
Posts: 8
Joined: Thu Mar 10, 2011 11:15 am
Location: massachusetts

Re: css not loading - ASL-Lite

Unread post by mms93003 »

MikeShinn,
Looks like in /etc/asl/VERSION I have the line MODSEC_VERSION=201103161326
I'm not using any other modules like suhosin or mod_evasive that might be blocking something.
I'm not sure how to put mod_security into debug mode.
Yes, I was trying to whitelist because one of our applications used only by internal users is tripping some rules. I'm trying to figure out if it is a false positive or if it is sloppy coding.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: css not loading - ASL-Lite

Unread post by mikeshinn »

OK, since you arent using ASL, is it safe to assume you setup your own modsecurity configuration? If you did, did you follow the instructions at the link below to configure it:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Is your configuration exactly as described on that page? If not, what is changed?

Are you using any other rules?

Have you modified any of the rules?

modsecurity will always log anything it does, so if its not logging anything something is either wrong with its configuration, or something else is causing your 404s.

And make sure you are checking /var/log/http/audit_log, the Apache error_log is of no help.
Post Reply