Am 19.03.2012 11:10, schrieb Aero Maxx: > On 18/03/2012 21:48, Reindl Harald wrote: >> >> Am 18.03.2012 22:24, schrieb Aero Maxx: >>> On 18/03/2012 13:44, Reindl Harald wrote: >>>> Am 18.03.2012 14:34, schrieb Aero Maxx: >>>>> [Sun Mar 18 03:48:31 2012] [error] [client 192.168.0.103] ModSecurity: Warning. Operator GE matched 15 at >>>>> TX:outbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line >>>>> "38"] [msg "Outbound Anomaly Score Exceeded (score 15): The application is not available"] [hostname >>>>> "www.wordpress.beta"] [uri "/index.php"] [unique_id "T2VbD1IRn4QAACJXLNQAAAAB"] >>>>> >>>>> How would I go about fixing that ? so i can have virtual hosts that modsecurity doesn't complain about? >>>> SecResponseBodyAccess Off >>>> >>>> SecResponseBodyAccess does mostly introduce more problems >>>> as it can ever solve - you saw the "Outbound Anomaly Score Exceeded" >>>> >>> Where abouts is a good place to put that ? >> >> cat /etc/httpd/modsecurity.d/modsecurity_10_config.conf >> SecRuleEngine On >> SecRequestBodyAccess On >> SecRequestBodyInMemoryLimit 1048576 >> SecResponseBodyAccess Off >> SecServerSignature "not disclosed" >> SecUploadDir /tmp >> SecUploadKeepFiles Off >> SecArgumentSeparator "&" >> SecCookieFormat 0 >> SecPcreMatchLimit 150000 >> SecPcreMatchLimitRecursion 150000 >> >> SecAuditEngine Off >> SecAuditLogRelevantStatus "^(?:5|4(?!04))" >> SecAuditLogType Serial >> SecAuditLog logs/modsec_audit.log >> SecAuditLogParts "ABIFHKZ" >> >> SecDebugLog logs/modsec_debug.log >> SecDebugLogLevel 0 >> SecDataDir /tmp >> SecTmpDir /tmp >> >> SecDefaultAction "phase:2,deny,log" >> > > I didn't have any of what you posted in that file I had something slightly different for SecDefaultAction. I have > added SecResponseBodyAccess Off to this file, would you recommend I add all of it? i can not recommend anything because this is from a live-configuration and we are using modsec and httpd from our own builds and much newer versions as fedora provides since many years
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org