Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 35793 invoked from network); 6 May 2009 10:18:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 6 May 2009 10:18:30 -0000 Received: (qmail 91294 invoked by uid 500); 6 May 2009 10:18:26 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 91248 invoked by uid 500); 6 May 2009 10:18:26 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 91239 invoked by uid 99); 6 May 2009 10:18:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 May 2009 10:18:26 +0000 X-ASF-Spam-Status: No, hits=3.4 required=10.0 tests=HTML_MESSAGE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [213.30.181.120] (HELO mx01.r-globalnetwork.com) (213.30.181.120) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 May 2009 10:18:16 +0000 Received: from mx00.r-globalnetwork.com (192.168.100.2) by r01-srv02.r.lan (192.168.101.8) with Microsoft SMTP Server id 8.1.311.2; Wed, 6 May 2009 12:17:54 +0200 Received: from r00-srv02.r.lan ([192.168.100.2]) by r00-srv02.r.lan ([192.168.100.2]) with mapi; Wed, 6 May 2009 12:17:53 +0200 From: Julien Gerhards To: "users@httpd.apache.org" Date: Wed, 6 May 2009 12:17:52 +0200 Thread-Topic: mod_security Thread-Index: AcnOM+pHvBVR9oU6SSOlPBZ8kUzScg== Message-ID: <8079C77210AD154D986A30EAB13B42392DCD79FDA0@r00-srv02.r.lan> Accept-Language: fr-FR Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: fr-FR Content-Type: multipart/alternative; boundary="_000_8079C77210AD154D986A30EAB13B42392DCD79FDA0r00srv02rlan_" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] mod_security --_000_8079C77210AD154D986A30EAB13B42392DCD79FDA0r00srv02rlan_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, I try to use mod_security but it doesn t filter anything ! My vhostconf : ServerSignature Off ServerName cache-ext ErrorLog logs/cache-ext_error.log CustomLog logs/cache-ext_access.log combined Deny from all RewriteEngine On # RewriteCond %{REQUEST_URI} ^/img=3D(.+)$ RewriteRule ^/img=3D(.+)$ $1 [L,P] RewriteLog /var/log/RewriteLog.log RewriteRule ^[/img=3D](.+)$ - [F] AllowEncodedSlashes on ProxyRequests On ProxyVia On CacheEnable disk / CacheRoot "/var/cache/mod_proxy" CacheEnable mem / MCacheMaxObjectSize 1024000 MCacheSize 102400 # deny from all allow from all SecFilterEngine On SecFilterDefaultAction "deny,log,status:403" SecFilterDebugLevel 9 SecFilterSelective macbidouille.com SecAuditLog logs/audit_log It should respond me an 403 error for every URL with a macbidouille.com in = the URL. Any ideas? --_000_8079C77210AD154D986A30EAB13B42392DCD79FDA0r00srv02rlan_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

 

I try to use mod_security but it doesn t filter anythi= ng !

My vhostconf :

 

<VirtualHost *:80>

    ServerSignature Off

    ServerName cache-ext

    ErrorLog logs/cache-ext_error.log

    CustomLog logs/cache-ext_access.log= combined

   <IfModule mod_proxy.c>

      <LocationMatch "= ;^[^/]">

         Deny = from all

      </LocationMatch> =

      <IfModule mod_rewrit= e.c>

         Rewri= teEngine On

#        RewriteCon= d %{REQUEST_URI} ^/img=3D(.+)$

         Rewri= teRule ^/img=3D(.+)$ $1 [L,P]

         Rewri= teLog /var/log/RewriteLog.log

         Rewri= teRule ^[/img=3D](.+)$ - [F]

         </= IfModule>

      AllowEncodedSlashes on<= o:p>

      ProxyRequests On

      ProxyVia On<= /p>

      <IfModule mod_disk_c= ache.c>

         Cache= Enable disk /

         Cache= Root "/var/cache/mod_proxy"

      </IfModule><= /o:p>

      <IfModule mod_mem_ca= che.c>

         Cache= Enable mem /

         MCach= eMaxObjectSize 1024000

         MCach= eSize 102400

      </IfModule><= /o:p>

      <proxy *>

    #     deny from= all

      </proxy>

      <proxymatch ^/img=3D= (.+)$>

         allow= from all

     </proxymatch>

     <IfModule mod_security.c&g= t;

        SecFilterEn= gine On

        SecFilterDe= faultAction "deny,log,status:403"

        SecFilterDe= bugLevel 9

        SecFilterSe= lective  macbidouille.com

        SecAuditLog= logs/audit_log

     </IfModule><= /p>

</IfModule>

</VirtualHost>

 

It should respond me an 403 error for every URL with a macbi= douille.com in the URL.

 

Any ideas?

--_000_8079C77210AD154D986A30EAB13B42392DCD79FDA0r00srv02rlan_--