Search squid archive

Mod-security blocking my proxy server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear All,

A domain hosting site running mod-security is blocking one of my proxy
server. They have provided me the following security logs for the
reason.

Note: I have modified the site and IP of my proxy server. 

Does the logs below mean that some of my clients are abusing my proxy
server?


[Fri Mar 9 01:24:26 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "<script" at THE_REQUEST
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=>'><ScRiPt%20%0a%0d>alert(121446072)%3B</S
cRiPt>"]

[Fri Mar 9 01:24:27 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "<script" at THE_REQUEST
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=</title><ScRiPt%20%0a%0d>alert(1853475877)
%3B</ScRiPt>"]

[Fri Mar 9 01:24:29 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "<script" at THE_REQUEST
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=>\\"><ScRiPt%20%0a%0d>alert(1640807322)%3B
</ScRiPt>"]

[Fri Mar 9 01:24:30 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match
"<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|appl
et|activex|chrome)[[:space:]]*>" at REQUEST_URI [hostname
"somesite.com"] [uri
"/pressrelease_details.php?id=<%00script>alert(2038864227)%3B</script>"]

[Fri Mar 9 01:24:32 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "<script" at THE_REQUEST
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=--><ScRiPt%20%0a%0d>alert(114595006)%3B</S
cRiPt>"]

[Fri Mar 9 01:24:37 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "/etc/passwd" at REQUEST_URI
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=+%26cat+/etc/passwd%26"]

[Fri Mar 9 01:24:37 2007] [error] [client 192.168.0.18] mod_security:
Access denied with code 406. Pattern match "/etc/passwd" at REQUEST_URI
[hostname "somesite.com"] [uri
"/pressrelease_details.php?id=+%0acat+/etc/passwd%0a"]


Any kind of help and feedback are highly appreciated. 

Thanking you..


- -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFF9lTsVrOl+eVhOvYRAqGcAJ9OT+UbDWAA3UMsSRbHC8zmfBWxOACcC3U6
Pr6zzwkH8HD8qdoq8kIvrVY=
=u2e+
-----END PGP SIGNATURE-----
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux