Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C1D64102FC for ; Mon, 26 May 2014 18:31:29 +0000 (UTC) Received: (qmail 90321 invoked by uid 500); 26 May 2014 18:31:27 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 90281 invoked by uid 500); 26 May 2014 18:31:27 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 90273 invoked by uid 99); 26 May 2014 18:31:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 May 2014 18:31:27 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [107.14.73.227] (HELO dnvrco-oedge-vip.email.rr.com) (107.14.73.227) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 May 2014 18:31:20 +0000 Received: from [72.177.165.177] ([72.177.165.177:51234] helo=mizzenmast.metbymail.com) by dnvrco-oedge01 (envelope-from ) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id 3A/F9-09795-36883835; Mon, 26 May 2014 18:30:59 +0000 Received: from localhost (localhost [127.0.0.1]) by mizzenmast.metbymail.com (Postfix) with ESMTP id 4D04CA04ED0 for ; Mon, 26 May 2014 13:30:59 -0500 (CDT) X-Virus-Scanned: amavisd-new at metbymail.com Received: from mizzenmast.metbymail.com ([127.0.0.1]) by localhost (mizzenmast.metbymail.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8VAaN7e-SIOz for ; Mon, 26 May 2014 13:30:59 -0500 (CDT) From: Tim Rohrer Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Message-Id: <8418FE63-FB41-4886-9CB5-CB8CB61562ED@itstechnical.net> Date: Mon, 26 May 2014 13:30:57 -0500 To: users@httpd.apache.org X-RR-Connecting-IP: 107.14.64.118:25 X-Authority-Analysis: v=2.1 cv=f7vGBYCM c=1 sm=1 tr=0 a=CnN7csKrz4wVaPdfMXBgZg==:117 a=CnN7csKrz4wVaPdfMXBgZg==:17 a=ayC55rCoAAAA:8 a=wcax7AIzLr8A:10 a=dvttXBVjNGQA:10 a=wPDyFdB5xvgA:10 a=N659UExz7-8A:10 a=8MbuNKU2AAAA:8 a=1SxfEwHpAAAA:8 a=BVtDedMwaCcTpcUPxMAA:9 a=ygFYVCXmtRJ9pmbp:21 a=jG1VOQA8Oyx77uFX:21 a=pILNOxqGKmIA:10 X-Cloudmark-Score: 0 X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Configuration issues leading to mod_security alerts? Hello! I have a system set up where I use a reverse proxy (Apache/2.4.7 (Ubuntu = 14.04LTS)), to reach a content server (Apache/2.2.22 (Ubuntu 12.04LTS)). = The content server is providing a Wordpress (latest version) site. Two = domains point to the external ip and the proxy server passes them to the = content server as either 80 or 443 traffic. On the backend, a = redirection occurs for all 80 traffic to 443 which has 3rd party cert. The reverse proxy is also providing caching. The site seems to be = working. I then installed mod_security from the Ubuntu package = libapache2-modsecurity, which I understand to be ver 2.7.7-2, downloaded = the CRS and turned it on with DetectionOnly. However, every time the site is accessed, I get a significant number of = alerts. And a significant number of these seem related to cache = (specifically Cache-Control Response Header Missing), headers = (Content-Type Headers missing), and cookies. Some include the tag of = =93MISCONFIGURATION=94. I=92ve been reading how to scrub these for false-positives, but the = number of them right now makes me think I may have a configuration = screwup, and I want to rule that out before I start turning off rules. I don=92t want to indiscriminately dump logs or config files here but = will provide what others think is most valid. Thanks in advance for any help getting pointed in the right direction. Tim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org