search for: modsecur

Displaying 16 results from an estimated 16 matches for "modsecur".

Did you mean: modsecure
2009 Jul 27
4
What's the configure specs for the generic Apache install of CentOS x86_64 5.3?
I'm trying to install apache 2.2.x from a tarball. And it works. But I'm also trying to install modsecure, and I can't get that to work. It might help to know what CentOS uses to install Apache when doing the ./configure. === Al
2008 May 27
4
why there is no liblua5.1.so in /usr/lib?
hello all: I want to install ModSecurity v2.5.4 in my system. I do the following setup to install the lua tar -xzvf lua-5.1.3.tar.gz cd lua-5.1.3/src make linux cd .. make install The ModSecurity ask me to add "LoadFile /usr/lib/liblua5.1.so" to the http.conf,but there is no liblua5.1.so in /usr/lib. I have search it and...
2009 Apr 24
4
repository for mod_security
I want to add mod_security to my Apache server running CentOS 5.3 and am trying to find a repository to get it from. I found it in EPEL, but they have version 2.1.7, which is over a year old according to what I found on the modsecurity.org website. Is there a repository which is keeping this up to date? Or should I just build it from source? -- Bowie
2007 Dec 21
1
RPM-installed packages trying to install every run, causing service to fail
....2.25-1.i386.rpm]/ensure: change from absent to present failed: Execution of ''/bin/rpm -i --oldpackage /tmp/tomcat-connectors-1.2.25-1.i386.rpm'' returned 256: package tomcat-connectors-1.2.25-1 is already installed err: //puppetclient/cfsandbox.corp.localmatters.com/webapp/modsecurity/Package[modsecurity-apache2-2.1.4-1.i386.rpm]/ensure: change from absent to present failed: Execution of ''/bin/rpm -i --oldpackage /tmp/modsecurity-apache2-2.1.4-1.i386.rpm'' returned 256: package modsecurity-apache2-2.1.4-1 is already installed notice: //puppetclient/cf...
2014 Jun 17
3
RFE: dnsbl-support for dovecot
...rbldnsd with the sources is quite easy and in case of a own, trustable RBL where no foreigners report somebody by mistake it's relieable and scales well over many machines and services as long services supporting it mod_security: http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20140617/5390021d/attachment.sig&g...
2009 Jun 27
6
server is always getting hacked
WE have a centos 5.3 install, and our server is keep getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last). Is there a good place to start to avoid these kinds of things? For example, here is what I already did. Open up sshd port only setup iptables to only accept port 80 and 22 No FTP No other ports are allowed according to IP
2008 Jun 09
2
Help, PHP/Mysql connections are so slow.
...ometimes up to a minute to list tables in phpmyadmin for example. I've verified on the server that the issue has to be PHP/Mysql related. If I use a CGI based Mysql admin tool, communication is fast and there are no delays. The server is Xeon based and has 4GB of RAM. SElinux is enabled, and ModSecurity for Apache too. Disabling these two does not help. SElinux allows Apache to network connect. Some php.ini settings: =============================== safe_mode = On max_execution_time = 60 max_input_time = 60 memory_limit = 128M open_basedir is active, and there are no conflicts. disable_functio...
2007 Dec 29
6
Regarding the 1.1.3 security release
* Apologies for starting a new thread; I just subscribed. Has anyone been able to make this exploit happen if requests are being proxied to Mongrel through Apache? I''ve been trying variations on the double-encoding thing and can''t trigger the exploit through Apache. Hitting Mongrel directly does expose the problem. I''ll still upgrade my servers, of course, but I
2009 Jun 12
5
Limit Request Body Size (Disallow very large File-uploads)
Hello all, For the last couple of days I was trying to get my Apache/mod_proxy/mongrel setup to limit the size of the request body. The setup is as follows: 1.) Apache acts as a reverse proxy by facilitating mod_rewrite and mod_proxy 2.) Requests for non-static files are passed on to a mongrel_cluster 3.) We use mongrel for our Ruby on Rails application Note that due to some restrictions we are
2007 Nov 20
1
openntp, mod_deflate, and mod_security CentOS5 rpms?
Hello, Has anyone made any of the above in to CentOS5 rpms? I've googled and not found any CentOS5 rpms and was wondering before i atempt to make them, was wondering if anyone else had any of them? Thanks. Dave.
2008 Jun 10
0
mod_security
...ecurity-2.1.7-1.el5 my installs were failing just after the root password set up, before software selection. I tracked it down to a server error 500 and it was due to mod_security claiming the comps.xml file was too big The error: [Tue Jun 10 09:59:01 2008] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Output filter: Content-Length (934390) over the limit (524288). [hostname "XXX.XXX"] [uri "/install/centos/5/x86_64/ repodata/comps.xml"] [unique_id "VJNb-4inMQIAACd0XcwAAAAA"] This is set in /etc/httpd/mod_security.d/modsecurity_crs_10_config.conf SecRespons...
2017 Jul 09
2
Hardening Apache on CentOS 7
Hi, Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails. This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc. I have a public sandbox server running CentOS 7, and I'm currently experimenting quite a lot with Apache
2007 Feb 23
5
Advice for Internet facing Mailserver
Hello and good day, i have setup a Server which is directly connected to the Internet, without NAT-Router or other Firewall Appliance. I am using FreeBSD 6.2. I have pf enabled to only allow traffic on specified Ports. I am using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There is only one /home/User, which authenticates via a Key with Pass- phrase to sshd. The
2010 Aug 10
5
Iptables questions
Hello, I have read and seen many options for additions to Iptables as a firewall and security system. All seem to react to logs and not to incoming packets (as far as I have seen) I am interested in doing a number of security ideas to the firewall, iptables, on my webserver. If you have a program you would suggest or believe iptables is the proper solution, please feel free to post that. Here
2013 Mar 06
4
Apache attacks - you can't stop them, or can you?
So I have this nice, simple web server up running. Its purpose is to allow me external testing with HIP, and to provide some files for external distribution. Of course, there it is sitting on port 80 and the attacks are coming in per logwatch report. Examples from the report include: Requests with error response codes 404 Not Found //phpMyAdmin-2.5.1/scripts/setup.php: 1
2011 May 08
5
Am I being to paranoid?
Hi All, I want to know thoughts on if I am being to paranoid/security conscious. CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and obviously the built-in firewall on the box. I have ssh on a different port and starting to use Keys instead of password authentication. I host an intensive website and I am getting about 150 unique visitors per day. What I am seeing is