Hello everybody, tonight I'm living a nightmare and I would really love for someone to give me a clue or an idea of what I should do. I'm getting brute-forced on my Apache and I have already tried following some tutorials (for mod_security and mod_evasive). They worked for now, but when I activate mod_security one of my software's functions stops working (the patcher, which looks for an XML file) and gets a 403 error. I have no idea what to do. Please, someone help me with this trouble. This is the output I get in the error_log. Code:
This is line 47 from modsecurity_crs_21_protocol_anomalies.conf. Code:
Hi all!

Yesterday I installed mod_security on my Debian machine: libapache2-modsecurity 2.6.6-6+deb7u1 and rules tagged as 2.2.5. But there are tons of errors in the Apache log:

[Sat Jun 29 06:10:04 2013] [error] [client 157.158.66.216] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "forum.mydomain"] [uri "/download/file.php"] [unique_id "Uc5eHJ2eQtgAAHbzG3sAAAFq"]
(...)
[Sat Jun 29 08:51:59 2013] [error] [client 83.10.190.85] ModSecurity: Rule 7fc4d6aab2b0 [id "950901"][file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "redmine.mydomain"] [uri "/plugin_assets/redmine_lightbox/images/blank.gif"] [unique_id "Uc6ED52eQtgAAHbrGl0AAAD0"]

On Google there are suggestions to increase the PCRE limit, so I've set:

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

but without any result (those logs are with the increased limits). I want to get rid of these errors.

Regards
Mikołaj

Hi. I have searched for the PCRE limits mod_security errors, and setting those limits through php.ini and the mod_security limits didn't work. I don't know where I read it, but it seems to be a mod_security bug in that version. I hope someone can confirm it.

Kind regards,

Describe the bug
SSL certificate generation using Let's Encrypt results in a 403 Forbidden error.

Logs and dumps
Expected behavior
SSL certificate generation should be successful as it is when disabling mod security.

Server (please complete the following information):
Rule Set
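An added example, not part of any post above: a Python sketch that parses Apache error_log entries in the ModSecurity format quoted in the mailing-list post and counts them per rule id, hostname and URI, so a false positive such as 960015 can be excluded for one path instead of disabling the module. The sample lines are constructed (documentation IPs, example hostnames, a hypothetical /patch/list.xml path), and `parse_line` and `summarize` are names chosen for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the entry shapes quoted in the thread.
SAMPLE_LOG = """\
[Sat Jun 29 06:10:04 2013] [error] [client 192.0.2.10] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [hostname "forum.example"] [uri "/download/file.php"] [unique_id "AAAA"]
[Sat Jun 29 06:10:09 2013] [error] [client 192.0.2.11] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [hostname "forum.example"] [uri "/download/file.php"] [unique_id "BBBB"]
[Sat Jun 29 06:11:00 2013] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [hostname "app.example"] [uri "/patch/list.xml"] [unique_id "CCCC"]
[Sat Jun 29 08:51:59 2013] [error] [client 192.0.2.13] ModSecurity: Rule 7fc4d6aab2b0 [id "950901"][file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "redmine.example"] [uri "/plugin_assets/redmine_lightbox/images/blank.gif"] [unique_id "DDDD"]
[Sat Jun 29 08:52:03 2013] [error] [client 192.0.2.13] File does not exist: /var/www/favicon.ico
"""

# Matches the [key "value"] pairs, with or without spaces between them.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return a dict for one ModSecurity entry, or None for any other log line."""
    head, sep, rest = line.partition("ModSecurity: ")
    if not sep:
        return None
    entry = {"tags": []}
    for key, value in FIELD_RE.findall(rest):
        if key == "tag":
            entry["tags"].append(value)   # tag repeats, so collect all of them
        else:
            entry.setdefault(key, value)
    client = re.search(r"\[client ([^\]]+)\]", head)
    entry["client"] = client.group(1) if client else None
    if "Execution error" in rest:
        entry["kind"] = "execution_error"  # e.g. PCRE limits exceeded
    elif rest.startswith("Access denied"):
        entry["kind"] = "blocked"          # request was rejected
    else:
        entry["kind"] = "warning"          # rule matched, request was let through
    return entry

def summarize(log_text):
    """Count entries per (kind, rule id, hostname, uri) to scope exclusions narrowly."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            key = (entry["kind"], entry.get("id"), entry.get("hostname"), entry.get("uri"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

An `execution_error` entry means the regex hit its PCRE limit before finishing, so it is counted separately from rule matches.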