Hi,
I just purchased a subscription for your rules. I have 2 issues:
ISSUE NO 1
I have followed all the instructions for installing this on my cPanel server, however when I test using FQDN, I get a 404 error instead of 403. When I test with IP address then the rule works. See the example below of how I am testing:
http://xyz.abc.com/foo.php?foo=http://www.example.com (404 error) and no logs
http://IP address/foo.php?foo=http://www.example.com (403 error)
Can you please advise what could be causing this and how to correct this?
ISSUE NO 2
If I use SecAuditLogType Concurrent, I don't see log entries using ConfigServer ModSec Control - it says No entries found in /usr/local/apache/logs/modsec_audit.log.
When I checked modsec_audit.log, there is just a standard 403 entry without showing any match to the ASL rules. However the apache error_log has an entry that shows a match against an ASL rule.
Is there any way to correct this?
Thanks
Gulam
Rules don't work with FQDN
- New Forum User
- Posts: 2
- Joined: Mon Dec 23, 2013 4:44 am
- Location: Tanzania
Re: Rules don't work with FQDN
Hi,
This is how ISSUE 1 was resolved - in case someone faces a similar problem.
cPanel puts the following directive automatically in httpd.conf that disables mod_security.
<IfModule mod_security2.c>
SecRuleEngine Off <- THIS IS THE PROBLEM
</IfModule>
httpd.conf cannot be edited manually since it's dynamically built each time a new domain is created, etc - so no changes made to it will stick.
In order to permanently remove this directive, you need to create a custom template with your changes. This is how I did this:
1. cd /var/cpanel/templates/apache2_2 (you have to go to the dir for the apache that you use)
2. cp main.default main.local
3. Edit main.local, remove the lines
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
4. Rebuild httpd.conf using /scripts/rebuildhttpdconf
5. service httpd restart
Thanks
Gulam
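A check to run after rebuilding httpd.conf, as an added example that is not part of the original post or of the ASL/cPanel tooling: it lists every active SecRuleEngine directive in a config file and fails if any of them is not On. The function name `audit_secruleengine` and the sample file are constructed for illustration; on a real server, pass the path of your generated httpd.conf.

```shell
#!/usr/bin/env bash
# Added example: detect ModSecurity being disabled by a generated config.

# Print every active (uncommented) SecRuleEngine directive as "line:value".
# Exit status: 0 = all On, 1 = at least one Off/DetectionOnly, 2 = none found.
# Limitation: only the given file is scanned; Include'd files are not followed.
audit_secruleengine() {
    awk '
        /^[ \t]*#/ { next }                        # ignore comment lines
        tolower($1) == "secruleengine" {
            found = 1
            printf "%d:%s\n", NR, $2
            if (tolower($2) != "on") bad = 1       # Off or DetectionOnly
        }
        END { if (!found) exit 2; exit bad }
    ' "$1"
}

# Constructed sample mirroring the block cPanel writes into httpd.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SecRuleEngine On   (commented out, must be ignored)
<IfModule mod_security2.c>
  SecRuleEngine Off
</IfModule>
EOF

# Prints "3:Off" followed by the warning line for the sample above.
audit_secruleengine "$sample" || echo "WARNING: ModSecurity is not enforcing (status $?)"
rm -f "$sample"
```

Running this from cron or a post-rebuild hook catches the case where a template change is lost and the `SecRuleEngine Off` block returns.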