httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien Gerhards <>
Subject [users@httpd] mod_security
Date Wed, 06 May 2009 10:17:52 GMT

I try to use mod_security but it doesn t filter anything !
My vhostconf :

<VirtualHost *:80>
    ServerSignature Off
    ServerName cache-ext
    ErrorLog logs/cache-ext_error.log
    CustomLog logs/cache-ext_access.log combined
   <IfModule mod_proxy.c>
      <LocationMatch "^[^/]">
         Deny from all
      <IfModule mod_rewrite.c>
         RewriteEngine On
#        RewriteCond %{REQUEST_URI} ^/img=(.+)$
         RewriteRule ^/img=(.+)$ $1 [L,P]
         RewriteLog /var/log/RewriteLog.log
         RewriteRule ^[/img=](.+)$ - [F]
      AllowEncodedSlashes on
      ProxyRequests On
      ProxyVia On
      <IfModule mod_disk_cache.c>
         CacheEnable disk /
         CacheRoot "/var/cache/mod_proxy"
      <IfModule mod_mem_cache.c>
         CacheEnable mem /
         MCacheMaxObjectSize 1024000
         MCacheSize 102400
      <proxy *>
    #     deny from all
      <proxymatch ^/img=(.+)$>
         allow from all
     <IfModule mod_security.c>
        SecFilterEngine On
        SecFilterDefaultAction "deny,log,status:403"
        SecFilterDebugLevel 9
        SecAuditLog logs/audit_log

It should respond me an 403 error for every URL with a in the URL.

Any ideas?

View raw message