Hi,
I am new to mod-security. I am using apache2 with
mod-security2 on
Debian. I downloaded the rulesets from
http://www.gotroot.com/downloads/ftp/
mod_security/2.0/apache2/rules.conf...
http://www.gotroot.com/downloads/ftp/m
od_security/2.0/apache2/jitp.conf...
http://www.gotroot.com/downloads
/ftp/mod_security/2.0/apache2/useragents.conf...
http://www.gotroot.com/downloads/
ftp/mod_security/2.0/apache2/blacklist.conf...
http://www.gotroot.com/downloads
/ftp/mod_security/2.0/apache2/blacklist2.conf...
http://www.gotroot.com/downlo
ads/ftp/mod_security/2.0/apache2/apache2-rules.conf...
http://www.gotroot.com/downloads/f
tp/mod_security/2.0/apache2/rootkits.conf...
http://www.gotroot.com/downloads/ft
p/mod_security/2.0/apache2/exclude.conf...
http://www.gotroot.com/downloads/ftp
/mod_security/2.0/apache2/recons.conf...
and first all websites stopped working until I disabled
SecRule REQUEST_PROTOCOL
"!^HTTP/(0.9|1.0|1.1)$"
"id:340000,severity:1,msg:'Bad HTTP Protocol'"
To use the MediaWiki I had to disable several rules, too.
I wonder if I am the only one with this errors or if the
project is not
maintained anymore. Because the rules-files on the Server
are almose 1
year old, too..
Greetings,
AK-Palme
_______________________________________________
Modsecurity mailing list
Modsecurity gotroot.com
http://lists.gotroot.com/mailman/listinfo/modsecurity
|
