Thread: ModSecurity Console (Repost)




ModSecurity Console (Repost)
United States
2007-03-29 08:04:04

This is a resend since I had no response on this problem I am having after many suggestions to upgrade to modsecurity 2.1.

 

I have upgraded my apache to 2.2.4 and at the same time upgraded to modsecurity 2.1.0 with the core rule set.

 

I have added the following configuration in modsecurity_crs_10_config.conf so I can log to a modsecurity console server.  Everything (that I am aware of) is setup like I usually do when I add a new sensor for 1.9, but it isn’t working with 2.1.0.  This is our first server to run modsecurity 2.1.0.

 

SecAuditLogStorageDir "/var/log/modsecure/data/"

SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"

 

Am I missing something?

 

When I set a basic search like..  SecFilter REQUEST_URI attack

 

I get the following errors in my /var/log/modsecure/index file

 

> Failed to parse line: --450a2e03-A--

> Failed to parse line: [28/Mar/2007:08:48:52 --0400] D4ea7awegUwAAAkRBJgAAAAC 172.31.18.203 2992 172.30.129.76 80

> Failed to parse line: --450a2e03-B--

> Failed to parse line: GET /attack HTTP/1.1

> Failed to parse line: Host: ncdcweb11.ncdc.ncus

> Failed to parse line: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

> Failed to parse line: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

> Failed to parse line: Accept-Language: en-us,en;q=0.5

> Failed to parse line: Accept-Encoding: gzip,deflate

> Failed to parse line: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

> Failed to parse line: Keep-Alive: 300

> Failed to parse line: Connection: keep-alive

> Failed to parse line: Cookie: __utma=172831164.552980278.1166469779.1175026754.1175085885.4; __utmz=172831164.1166469779.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmc=172831164; PHPSESSID=2eeb27bc10057c9f534591752c72a097; __utmb=172831164

> Failed to parse line: Cache-Control: max-age=0

> Failed to parse line: --450a2e03-F--

> Failed to parse line: HTTP/1.1 404 Not Found

> Failed to parse line: Content-Length: 204

> Failed to parse line: Keep-Alive: timeout=5, max=100

> Failed to parse line: Connection: Keep-Alive

> Failed to parse line: Content-Type: text/html; charset=iso-8859-1

> Failed to parse line: --450a2e03-H--

> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.

> Failed to parse line: Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.

> Failed to parse line: Message: Warning. Pattern match "attack" at REQUEST_URI.

> Failed to parse line: Apache-Error: [file "core.c"] [line 3631] [level 3] File does not exist: /home/httpd/attack

> Failed to parse line: Stopwatch: 1175086132861677 3700 (487 3524 -)

> Failed to parse line: Producer: ModSecurity v2.1.0 (Apache 2.x)

> Failed to parse line: Server: Apache/2.2.4 (Unix)

> Failed to parse line: --450a2e03-Z--

 

Then it also does not log into the /var/log/modsecure/data directory either and therefore does not log to the modsecurity console server I have.  This all works with apache 2.2.3 and modsecurity 1.9 but now since the full blown upgrade it doesn’t work…

 

Can I get some help with this?

 

Thanks

 

Re: ModSecurity Console (Repost)
2007-03-29 08:15:51
On 3/29/07, Russ Lavoie <rlavoiencsoft.com> wrote:
>
> This is a resend since I had no response on this problem I am having after
> many suggestions to upgrade to modsecurity 2.1.

On a community support list we sometimes respond quickly, sometimes
not. It depends on our workloads. Reposting won't help you get answers
more quickly.


> I have upgraded my apache to 2.2.4 and at the same time upgraded to
> modsecurity 2.1.0 with the core rule set.
>
> I have added the following configuration in modsecurity_crs_10_config.conf
> so I can log to a modsecurity console server.  Everything (that I am aware
> of) is setup like I usually do when I add a new sensor for 1.9, but it isn't
> working with 2.1.0.  This is our first server to run modsecurity 2.1.0.
>
> SecAuditLogStorageDir "/var/log/modsecure/data/"
>
> SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"
>
> Am I missing something?

I think you are missing a:

SecAuditLogType Concurrent

line in your configuration. More information, should you need it, is
available in Ryan's post here:

http://www.modsecurity.org/blog/archives/2007/03/modsecurity_con_1.html




-- 
Ivan Ristic


Re: ModSecurity Console (Repost)
United States
2007-03-29 08:20:54

Russ,

Looks like Ivan beat me to the punch :)

 

Did you see my recent Blog post on this subject? - http://www.modsecurity.org/blog/archives/2007/03/modsecurity_con_1.html.

 

Did you change the SecAuditLogType to Concurrent?  Also, were you able to use Concurrent logging in local only mode?  You should verify that Concurrent logging works locally before attempting to use the modsec-auditlog-collector.pl script.

 

Let me know.

 

--
Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache

 

--------------

Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)

Learn More About the Breach Webinar Series:

http://www.breach.com/webinars.asp

--------------
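
The fix from the two replies above, written out as configuration. This is an added example, not part of the original messages: the paths are the ones Russ posted, and the `SecAuditEngine RelevantOnly` setting is an assumption.

```apache
# Added example (not from the thread). Paths are the ones posted above;
# SecAuditEngine RelevantOnly is an assumed setting.

# As posted: SecAuditLogType is not set, so ModSecurity 2.1.0 uses its default,
# Serial. In Serial mode the complete audit entry (the --450a2e03-A-- ... -Z--
# sections) is written to SecAuditLog. Here SecAuditLog is a pipe, so the
# collector is fed raw entries where it expects one index line per
# transaction, reports "Failed to parse line" for each line (as seen in the
# index file above), and nothing is created under SecAuditLogStorageDir.
#
#   SecAuditLogStorageDir "/var/log/modsecure/data/"
#   SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"

# Step 1: Concurrent logging, local only (no collector yet).
SecAuditEngine RelevantOnly
SecAuditLogType Concurrent
# One file per transaction is written below this directory by the Apache
# child processes, so it must be writable by the user Apache runs as.
SecAuditLogStorageDir "/var/log/modsecure/data/"
# In Concurrent mode SecAuditLog is the index: one line per transaction.
SecAuditLog "/var/log/modsecure/index"

# Step 2: after a test request produces a file under data/ and a line in the
# index, replace the SecAuditLog line above with the piped collector:
#
#   SecAuditLog "|/usr/local/apache/bin/modsec-auditlog-collector.pl /var/log/modsecure/data/ /var/log/modsecure/index"
```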

 



Re: ModSecurity Console (Repost)
United States
2007-03-29 08:58:45

Thanks!

 

I missed that :(  Sorry to bug you about that type of thing…

I do have another question though…

I get this error ALL the time since the upgrade a few days ago.

1) Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.
2) Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required.

This comes with every access of the server and accessing every image on the page being displayed.

They are coming in as errors.  I have no idea what this means :(

 

 

 



Re: ModSecurity Console (Repost)
United States
2007-03-29 09:15:40

Are you sure that is the entire Error Msg?  It should be something similar to this –

[Wed Mar 07 07:05:27 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "blah"] [uri "/something.html"] [unique_id "APg3BMCoD4QAAD3QOzEAAAAA"]

This is the rule that is matching –

SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "chain,skip:1,log,auditlog,msg:'Request Missing an Accept Header', severity:'2',id:'960015'"
SecRule REQUEST_METHOD "!OPTIONS"

What this rule means is that the Accept header is required for all requests except for those that use the OPTIONS Request Method.

 

--
Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache

 
