css not loading - ASL-Lite
Just starting with ASL-Lite on an existing site and trying to figure out some of the glitches. It looks like sometimes the pages are loading without the css but not all the time. Has anyone seen this before? I see no error in the logs.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: css not loading - ASL-Lite
What do you see in your audit_log?
Michael Shinn
Atomicorp - Security For Everyone
Re: css not loading - ASL-Lite
There is nothing that would indicate an error at:
/etc/httpd/logs/audit_log
or
/var/asl/data/audit/20110314
- mikeshinn
Re: css not loading - ASL-Lite
So no events? If so, then modsecurity isn't blocking anything and isn't the cause. That's assuming your system is logging modsec events. Just to be sure, do a quick test to see if it's logged:
wget http://localhost/foo.php?foo=http://www ... e.com/test
And see if you get an audit event for that.
What rules do you have loaded?
Michael Shinn
Atomicorp - Security For Everyone
Re: css not loading - ASL-Lite
Yes, the system is logging modsec events.
It seems like the css not loading and now also blank php pages happen when our IP is whitelisted.
I'm using the default rules.
- mikeshinn
Re: css not loading - ASL-Lite
OK, so logging is set up right. What web server are you using?
If you are using Apache, and the modsecurity rules aren't logging anything, then they aren't blocking anything. If you are using Litespeed, see this article:
https://www.atomicorp.com/wiki/index.php/Litespeed
If you are using Apache, are you using the redaction rules by any chance? Anything with the names:
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf
If you aren't using ASL, then don't load those. You need ASL for those rules to work.
If you don't have any of the redactor rules loaded, and you don't see modsecurity blocking anything, then you can rule out the rules as the cause.
Michael Shinn
Atomicorp - Security For Everyone
Re: css not loading - ASL-Lite
I'm using Apache and yes logging is set up and working.
In /etc/asl/config I have this:
MODSEC_99_REDACTOR="yes"
Does this mean I'm using the redaction rules?
There are no redaction rules in /etc/httpd/modsecurity.d.
In /var/asl/rules/modsec I have:
99_asl_a_redactor.conf
99_asl_redactor.conf
99_asl_redactor_post.conf
Should I get rid of them if I'm just using ASL-Lite?
- mikeshinn
Re: css not loading - ASL-Lite
I believe you are using cpanel (correct me if I'm wrong), if so just make sure that your cpanel apache configs are not loading the redactor rules. You can ignore them being anywhere else, ASL-Lite will still download them.
But they shouldn't be loaded by default, so it's extremely unlikely this is your issue. So have you tried disabling mod_security to see if that is in fact the source of your issue?
Michael Shinn
Atomicorp - Security For Everyone
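Added example, not from the original posts and not Atomicorp's tooling: a way to check the point made above, that redactor files sitting in a rules directory only matter if an Apache Include actually loads them. The ServerRoot argument, the conf/ and conf.d/ scan locations, and the asl-rules sample directory (standing in for /var/asl/rules/modsec) are assumptions; nested includes are not followed.

```bash
#!/usr/bin/env bash
# Added example: list Apache Include directives that would load the ASL
# redactor rule files named in the thread.
# Assumptions: $1 is the Apache ServerRoot (e.g. /etc/httpd) and its
# conf/ and conf.d/ directories hold the configuration to scan.

REDACTOR_GLOB='99_asl*redactor*.conf'

find_redactor_includes() {
    local root=$1 conf lineno directive pattern path
    # grep -rn prints "file:line:text" for every Include/IncludeOptional.
    grep -rniE '^[[:space:]]*Include(Optional)?[[:space:]]+' \
        "$root/conf" "$root/conf.d" 2>/dev/null |
    while IFS=: read -r conf lineno directive; do
        pattern=$(printf '%s\n' "$directive" | tr -d '"' | awk '{print $2}')
        # Relative include paths are resolved against ServerRoot.
        case $pattern in /*) ;; *) pattern="$root/$pattern" ;; esac
        # Including a directory pulls in every file inside it.
        if [ -d "$pattern" ]; then pattern="$pattern/*"; fi
        # Expand the wildcard and test each resulting file name.
        # (Unquoted on purpose; paths containing spaces are not handled.)
        for path in $pattern; do
            case ${path##*/} in
                $REDACTOR_GLOB)
                    if [ -e "$path" ]; then
                        printf '%s:%s loads %s\n' "$conf" "$lineno" "$path"
                    fi ;;
            esac
        done
    done
}

# Constructed sample layout (not from a real server): redactor files exist
# only under asl-rules/, a stand-in for /var/asl/rules/modsec.
make_sample_tree() {
    mkdir -p "$1/conf" "$1/conf.d" "$1/modsecurity.d" "$1/asl-rules"
    touch "$1/modsecurity.d/10_asl_rules.conf" \
          "$1/asl-rules/99_asl_a_redactor.conf" \
          "$1/asl-rules/99_asl_redactor.conf"
    printf 'Include conf.d/*.conf\n' > "$1/conf/httpd.conf"
    printf 'Include modsecurity.d/*.conf\nInclude "%s/asl-rules/*.conf"\n' \
        "$1" > "$1/conf.d/00_mod_security.conf"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
find_redactor_includes "$demo"
rm -rf "$demo"
```

An empty result means no scanned Include reaches a redactor file, which matches the case where the files are downloaded but never loaded.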
Re: css not loading - ASL-Lite
I'm not using cpanel.
The pattern seems to be that when our IP is whitelisted pages sometimes load strangely or sometimes not at all with no message in the logs (on normal pages like index.php, not on urls that might get caught by the rules). If I take our IP out of the whitelist and restart apache the pages load as expected again.
- mikeshinn
Re: css not loading - ASL-Lite
Hmmm, so if it's whitelisting, then it's not the rules. Sounds like something else, maybe an issue with a module or build or library. As you aren't using ASL, what version of mod_security are you using?
Are you using some other module that might be blocking something, like suhosin, mod_evasive, etc?
And what do you see when you put mod_security into debug mode?
Also, are you triggering some rules that are requiring you to whitelist those systems?
Michael Shinn
Atomicorp - Security For Everyone
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: css not loading - ASL-Lite
Are you using mod_security from the atomic channel? Or did you roll your own?
Re: css not loading - ASL-Lite
Scott, yes I am using mod_security from atomic channel.
Re: css not loading - ASL-Lite
MikeShinn,
Looks like in /etc/asl/VERSION I have the line MODSEC_VERSION=201103161326
I'm not using any other modules like suhosin or mod_evasive that might be blocking something.
I'm not sure how to put mod_security into debug mode.
Yes, I was trying to whitelist because one of our applications used only by internal users is tripping some rules. I'm trying to figure out if it is a false positive or if it is sloppy coding.
- mikeshinn
Re: css not loading - ASL-Lite
OK, since you aren't using ASL, is it safe to assume you set up your own modsecurity configuration? If you did, did you follow the instructions at the link below to configure it:
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Is your configuration exactly as described on that page? If not, what is changed?
Are you using any other rules?
Have you modified any of the rules?
modsecurity will always log anything it does, so if it's not logging anything, something is either wrong with its configuration, or something else is causing your 404s.
And make sure you are checking /var/log/http/audit_log, the Apache error_log is of no help.
Michael Shinn
Atomicorp - Security For Everyone