mod-security – Page 9 – WindowsTechs.com

How to block for open Web Shell in my CentOS 6

Posted on January 16, 2020 by Квлади

I currently use mod_security in combination with maldec and block almost all attempts to upload shells, leading them to error 406. However, I found one “problem” if I upload Shell through an ftp client then I can use shell in hosting. my … Continue reading How to block for open Web Shell in my CentOS 6→

modsecurity nolog being ignored [on hold]

Posted on November 22, 2019 by Juan José Ivars

I have installed Apache+modsecurity+owaspcrs rules:

Apache: 2.4.41
libmodsecurity: v3/master
apache-connector: ModSecurity v3 Apache Connector
Owasp-rules: v3.3/dev

DOS protection is disabled by default. Despite that, I am… Continue reading modsecurity nolog being ignored [on hold]→

Modsecurity – OWASP CRS 901001

Posted on November 19, 2019 by user1801810

Ubuntu 18.04
Apache/2.4.29
ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0
modsecurity-crs 3.0.2-1

This is a new server. The following message appears in modsec_audit.log in every entry:

–c2d2e… Continue reading Modsecurity – OWASP CRS 901001→

mod_security flush persistence

Posted on May 22, 2019 by MrPip

I run a website with a resource & time consuming URL, say ~20 seconds per request. In the last few days this URL is being targeted by some kind of DoS attack, and I’m trying to use mod_security so none can abuse this URL. It makes no s… Continue reading mod_security flush persistence→

ClamAV detects virus in Modsec Audit logs

Posted on April 16, 2019 by Èl Sea

I have a Xen VM running Debian Stretch with Apache2 to play around with. I have installed ClamAV and Modsecurity (not doing anything just logging at the moment). I keep getting emails from ClamAV stating that it detects a vir… Continue reading ClamAV detects virus in Modsec Audit logs→

modsecurity rule RESPONSE_BODY not working [migrated]

Posted on March 27, 2019 by goron

Iam using apache2 on ubuntu 18.04 server running modsecurity 2.x

Appserver 192.168.4.4
WAF server 192.168.4.3

App Server /var/www/html/index.php

<?php
echo “hello”;
?>

Here is a simple rule blocking response … Continue reading modsecurity rule RESPONSE_BODY not working [migrated]→

How would I determine from looking at ModSecurity Logs real vs false detections? [on hold]

Posted on March 26, 2019 by ModSec User

I have a forum and a few (but not all) members are constantly being blocked.
Most often, they are blocked while trying link to photos on PhotoBucket.
ModSecurity shows considerable SQL Injection attacks when they try to do so… Continue reading How would I determine from looking at ModSecurity Logs real vs false detections? [on hold]→

Scripts for converting snort rules to mod_security rules [on hold]

Posted on February 28, 2019 by kst

I have known that there is a perl script that converts snort rules to mod_security rules, but I can’t find it anywhere.

Continue reading Scripts for converting snort rules to mod_security rules [on hold]→

How to block IPs in ModSecurity automatically

Posted on January 29, 2019 by a.j

I installed modsecurity on debian9.
How to block IPs In ModSecurity automatically?

Continue reading How to block IPs in ModSecurity automatically→

mod security rule to send email on every trigger

Posted on January 17, 2019 by Mehdi Nellen

I made a script that reads the log file of the modsec 3 module in apache.
It sends an email every 5 minutes with new triggers. I discovered that it is also possible to execute a script (e.g. send email) on a rule trigger (lin… Continue reading mod security rule to send email on every trigger→