The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security filtering Output Content

Discussion in 'Security' started by jfreak53, Feb 25, 2012.

  1. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    These are my version's:

    Httpd:

    I am trying to get mod_security to filter output content in an HTML page. I have tried putting this:

    In many different files with no success:

    /usr/local/apache/conf/includes/pre_main_2.conf
    /usr/local/apache/conf/httpd.conf
    /usr/local/apache/conf/modsec2.conf
    /usr/local/apache/conf/mod_security.conf

    None of those files seem to allow this to work. Once I insert the code above in one of those files I restart httpd then I run an html page on one of my domains with that content, and all works fine.

    So it's not filtering. Am I missing something? Or is it in the wrong place? Thanks.
     
  2. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi,

    Did you tried these rules in .htaccess of your particular domain ?
     
  3. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    No, I want it to work server wide not just one domain. Thanks.
     
  4. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Any thoughts?
     
  5. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I thought modsecurity 1.9.5 was for earlier releases of Apache. Are you sure you aren't using modsecurity 2.6.3 on your Apache 2.2.21? I think EasyApache by default compiles modsecurity 2.6.3 if you choose to install modsecurity via EasyApache. What you're referencing is modsecurity 1.9.5.

    Also, if you want it to work serverwide, shouldn't you be putting those options in the modsec2.user.conf file?

    Typically with Apache 2.2.x you'd be using Modsecurity 2.x. And you'd have /usr/local/apache/conf/modsec2.conf. And modsec2.conf (which may be modified during EasyApache builds) then calls modsec2.user.conf [where you would put your own specific custom settings for serverwide options in modsecurity].

    mike

    Mike
     
  6. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Yes, it's 1.9.5, and I have recompiled apache and that is always what it compiles to. The version's above are the ones that it spits out when I check version information.

    When I put the commands above in the user.conf file and restart httpd this is what I get:

    Selection_001.png
     
  7. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Modsecurity 1.9.5 can't filter output. That capability wasn't add until the 2.x tree, so you'll need modsecurity 2.x to do that with modsecurity (2.6.5 is the latest stable version). If you want to filter output, and you must use modsecurity 1.9.x you will need to use a different tool like mod_sed. Heres an example of how to do that with mod_sed:

    http://www.gotroot.com/downloads/ftp/iframe/00_ASL_iframe_protection.conf
    http://www.gotroot.com/downloads/ftp/iframe/remove-bad-iframes.txt

    More advanced mod_sed rules combined with mod_security rules are available here:

    https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules

    The 99_asl_redactor.conf contains the most up to date mod_sed rules.
     
Loading...

Share This Page