Atomicorp

I don't remember suggesting or implying that. You might have incorrectly inferred it. To go back to my OP, a plain text, human readable description of the changes to the rules are far more digestible for me than having to spend time analysing the regex of each and every rule change that pops up from...

That would make sense if Atomic aren't going to supply the info.

Thanks Mike - that's very useful - however, it would be VERY useful to know which rule numbers were updated, so at least we can look at the code. Either that or more specific references regarding the vulnerabilities being addressed, as there is scope for ambiguity.

Hi,

I've looked high and low but can't find a changelog for the rules - this will help us know which JIT patches were in place at what time - something our customers regularly ask. Sorry if I have overlooked it!

First thing you need to do :twisted: LOL, we would if cPanel hadn't enforced ModSec 2.8... I found the problem... a customer was uploading images that were 9999 pixels tall into wordpress - the ensuing memory usage by GD trying to resize them was causing PHP to hit the max, (and or the execution ti...

I can guess what cPanel are going to say. Sorry to resurrect this thread, but I'm seeing this as well --0afe783d-H-- Message: Output filter: Failed to read bucket (rc 70007): The timeout specified has expired Stopwatch: 1404665969547273 393116380 (- - -) Stopwatch2: 1404665969547273 393116380; combi...

Don't tell me, go tell cPanel, or better yet, blog about how they have made a really dumb decision - they seem blissfully unaware, and have pushed it out to everyone... Doh!!!

mikeshinn wrote: 2) use aum to install modsecurity. Which will install a version thats tested and works correctly

Easier said than done... But I accept your reasoning.

We recommend sticking with 2.7.7 Hi Scott, and thank you for taking time to pitch in. The problem for fleets running cpanel is that this is unavoidable with EasyApache. Given the impact this is no doubt going to have as more hosters happen to run EApache, I would be grateful if you could give this ...

I think I have found the cause, but I'm sat in a hospital on an ipad, so will have to look more closely when I'm in the office

https://github.com/SpiderLabs/ModSecurity/issues/706

We are seeing the same on each cpanel server we run easyapache on...

It would appear the current rule set is fine on machines that are still running 2.7.x but the machines that have 2.8 modsec are all throwing this same error. This is centos 6, fast cgi,

This is causing a lot of work...

mikeshinn wrote:https://www.atomicorp.com/wiki/index.ph ... itLogParts

Bingo! Many thanks!

Thanks Mike, but this leaves me with the original query, where can I find a definition of Section I? The article I referred to in my OP didn't cover Section I. I realise this isn't ASL specific, but I was hoping someone here might know the answer to this, and also why audit log sections that are cle...

You define what sections you want to log in your modsecurity configuration. Thank you for your reply. Yes, I know this much - modsec2.user.conf contains > SecAuditLogParts ABIFHZ I am trying to understand why many audit log entries contain Section C (which is not even defined in SecAuditLogParts) a...

I see a number of interceptions using the Real Time Rules that end up being logged without a Section C at all - but with a Sections ABIFH - Section I is quite short - for example --709f8228-I-- port=33333&timestamp=1373267&data=[a 40 character uuencoded string] This particular interception w...