Search found 17 matches
- Fri Nov 07, 2014 11:13 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Where is the Real Time Rules CHANGELOG???
- Replies: 6
- Views: 16026
Re: Where is the Real Time Rules CHANGELOG???
I don't remember suggesting or implying that. You might have incorrectly inferred it. To go back to my OP, a plain text, human readable description of the changes to the rules are far more digestible for me than having to spend time analysing the regex of each and every rule change that pops up from...
- Fri Nov 07, 2014 3:17 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Where is the Real Time Rules CHANGELOG???
- Replies: 6
- Views: 16026
Re: Where is the Real Time Rules CHANGELOG???
That would make sense if Atomic aren't going to supply the info.
- Thu Nov 06, 2014 3:13 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Where is the Real Time Rules CHANGELOG???
- Replies: 6
- Views: 16026
Re: Where is the Real Time Rules CHANGELOG???
Thanks Mike - that's very useful - however, it would be VERY useful to know which rule numbers were updated, so at least we can look at the code. Either that or more specific references regarding the vulnerabilities being addressed, as there is scope for ambiguity.
- Wed Nov 05, 2014 6:49 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Where is the Real Time Rules CHANGELOG???
- Replies: 6
- Views: 16026
Where is the Real Time Rules CHANGELOG???
Hi,
I've looked high and low but can't find a changelog for the rules - this will help us know which JIT patches were in place at what time - something our customers regularly ask. Sorry if I have overlooked it!
I've looked high and low but can't find a changelog for the rules - this will help us know which JIT patches were in place at what time - something our customers regularly ask. Sorry if I have overlooked it!
- Wed Jul 09, 2014 2:26 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Output filter: Failed to read bucket (rc 70007)
- Replies: 6
- Views: 22011
Re: Output filter: Failed to read bucket (rc 70007)
First thing you need to do :twisted: LOL, we would if cPanel hadn't enforced ModSec 2.8... I found the problem... a customer was uploading images that were 9999 pixels tall into wordpress - the ensuing memory usage by GD trying to resize them was causing PHP to hit the max, (and or the execution ti...
- Mon Jul 07, 2014 3:04 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Output filter: Failed to read bucket (rc 70007)
- Replies: 6
- Views: 22011
Re: Output filter: Failed to read bucket (rc 70007)
I can guess what cPanel are going to say. Sorry to resurrect this thread, but I'm seeing this as well --0afe783d-H-- Message: Output filter: Failed to read bucket (rc 70007): The timeout specified has expired Stopwatch: 1404665969547273 393116380 (- - -) Stopwatch2: 1404665969547273 393116380; combi...
- Fri Jun 06, 2014 1:45 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Syntax error?
- Replies: 10
- Views: 12307
Re: Syntax error?
Don't tell me, go tell cPanel, or better yet, blog about how they have made a really dumb decision - they seem blissfully unaware, and have pushed it out to everyone... Doh!!!
- Thu Jun 05, 2014 5:37 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Syntax error?
- Replies: 10
- Views: 12307
Re: Syntax error?
Easier said than done... But I accept your reasoning.mikeshinn wrote: 2) use aum to install modsecurity. Which will install a version thats tested and works correctly
- Thu Jun 05, 2014 7:53 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Syntax error?
- Replies: 10
- Views: 12307
Re: Syntax error?
We recommend sticking with 2.7.7 Hi Scott, and thank you for taking time to pitch in. The problem for fleets running cpanel is that this is unavoidable with EasyApache. Given the impact this is no doubt going to have as more hosters happen to run EApache, I would be grateful if you could give this ...
- Thu Jun 05, 2014 5:10 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Syntax error?
- Replies: 10
- Views: 12307
Re: Syntax error?
I think I have found the cause, but I'm sat in a hospital on an ipad, so will have to look more closely when I'm in the office
https://github.com/SpiderLabs/ModSecurity/issues/706
https://github.com/SpiderLabs/ModSecurity/issues/706
- Thu Jun 05, 2014 5:00 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Syntax error?
- Replies: 10
- Views: 12307
Re: Syntax error?
We are seeing the same on each cpanel server we run easyapache on...
It would appear the current rule set is fine on machines that are still running 2.7.x but the machines that have 2.8 modsec are all throwing this same error. This is centos 6, fast cgi,
This is causing a lot of work...
It would appear the current rule set is fine on machines that are still running 2.7.x but the machines that have 2.8 modsec are all throwing this same error. This is centos 6, fast cgi,
This is causing a lot of work...
- Thu Jan 02, 2014 4:25 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Modsecurity Audit Log Section Explanation
- Replies: 6
- Views: 10156
Re: Modsecurity Audit Log Section Explanation
Bingo! Many thanks!mikeshinn wrote:https://www.atomicorp.com/wiki/index.ph ... itLogParts
- Thu Jan 02, 2014 2:20 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Modsecurity Audit Log Section Explanation
- Replies: 6
- Views: 10156
Re: Modsecurity Audit Log Section Explanation
Thanks Mike, but this leaves me with the original query, where can I find a definition of Section I? The article I referred to in my OP didn't cover Section I. I realise this isn't ASL specific, but I was hoping someone here might know the answer to this, and also why audit log sections that are cle...
- Thu Jan 02, 2014 5:52 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Modsecurity Audit Log Section Explanation
- Replies: 6
- Views: 10156
Re: Modsecurity Audit Log Section Explanation
You define what sections you want to log in your modsecurity configuration. Thank you for your reply. Yes, I know this much - modsec2.user.conf contains > SecAuditLogParts ABIFHZ I am trying to understand why many audit log entries contain Section C (which is not even defined in SecAuditLogParts) a...
- Tue Dec 31, 2013 4:42 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Modsecurity Audit Log Section Explanation
- Replies: 6
- Views: 10156
Modsecurity Audit Log Section Explanation
I see a number of interceptions using the Real Time Rules that end up being logged without a Section C at all - but with a Sections ABIFH - Section I is quite short - for example --709f8228-I-- port=33333×tamp=1373267&data=[a 40 character uuencoded string] This particular interception w...