Rules for mod_security2
I used to use Hostmerit's ruleset for mod_security, but it won't work with mod_security2. Does anyone know of some good rulesets for mod_security2? I tried the ones on gotroot.org, but they end up breaking apache so that it throws 500 errors for everything.
We had so many custom rules under modsecurity_1 and then they go and totally re-write the modsecurity_2 rule syntax. I spent a couple hours playing with it and gave up and just installed the rules they provide:
http://www.modsecurity.org/download/direct.html
We had to go in and disable a few things for frontpage and whatnot but I just couldnt deal with all the rewriting of my old stuff.
"A dog has raised it’s hind leg on the age of nevermore !"
-- Rolf
nyjimbo did you have any problems with the default rules, I am having this problem
2007-09-14 15:43:11 ::1 / HTTP/1.0 Access denied with code 406 (phase 2). Invalid Unicode encoding: invalid byte value in character. [id "950801"] [msg "UTF8 Encoding Abuse Attack Attempt"] [severity "WARNING"] 406
but i do not know who the client ::1 is there is no ip either so I think it must be something running on the server have you got any ideas
i get this in respect to this client in apache error logs not sure if it is related
[info] [client ::1] (32)Broken pipe: core_output_filter: writing data to the network
thanks
Mark
Last edited by swampy; 09-14-2007 at 11:49 AM.
Just remember approx 90% will break cPAnel / Frontpage / Your clients scripts functionality. Double check every rle you put in and know what it does.Originally Posted by cooldude7273
gotroot.com has a ton of rules of mod_sec 2
→ Number1Host.net
→ Shared, Reseller, and Dedicated Hosting
→ Server Setup, Management, and Security
→ The Web's Number 1 Host - Number1Host.net
Well, I installed the rules on the mod_security website, and I get this error:
Error creating rule: Unknown variable: XML
The only thing I could find on Google was an apache forum where someone was complaining that libxml was not being installed, but I have libxml2.so.
Thanks for the link.
In the meantime, I deleted the lines that included xml:* and everything works. It has to be something with the way that libxml is being compiled...
I just looked at the Makefile in the mod_security installation directory. It does not include the DEFS = -DWITH_LIBXML2 line. Is this an oversight by the cPanel team, or is it intentional?
I have transleted the Mod_security rules from Kris S. - HostMerit.com to the mod_security2
You can download it here:
http://www.TimmiT.nl/modsec2.user.conf
Please report if I transleted something wrong.
apache won't restart with this rule set running
Anyone got any good modsec2 rules? Seems that gotroot.com is more or less missing in action - no updates for a year or so and no posts on the forum for a good while.
What does apache configtest say?
We didn't encounter that problem on all our servers...
I have try the rules and I was in the putty and use command line edit the file and paste all the rules to the modsec2.user.conf file, I failed restart apache cause there are some lines wraped, maybe his problem is caused by that.
After using configserver's CSF interface in WHM to edit the file and submit again, apache runs fine on my box.
Thanks.
a little tip:
When you start Pico, you can include a command that will turn off word wrap and allow you to edit long lines. To do this, at the Unix prompt, enter:
pico -w filename
LinkBack URL
About LinkBacks
Reply With Quote