Team,
I would appreciate it if you could provide any help in resolving these two issues 
with the ModSecurity and mod_rewrite modules.

Mod security Pending Issues in Dev03


1. Mod Rewrite + mod security not working properly

https://dev03-www.xyz.com/ should redirect to 
https://dev03-www.xyz.com/app/ccsite/action/home, which the mod_rewrite module 
does; however, ModSecurity is intercepting it and the request is then being 
forced to /cust/docs/instancemain/app. This redirect does not happen. We are 
not sure whether this is an issue with ModSecurity, with mod_rewrite, or with 
compatibility between the versions of the two.


2. Mod Rewrite trace level issues in audit logs

ModSecurity should not be logging trace-level details in the audit log as per 
the setting. We are not sure why the lines below are appearing in the log file:

Apache-Error: [file "mod_rewrite.c"] [line 467] [level 9] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 10] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 11] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 11] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 10] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 11] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 10] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 11] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 10] %s
Apache-Error: [file "mod_rewrite.c"] [line 467] [level 11] %s


With Best Regards,

Praveen Nair, C|CISO, CISSP, CISM, CRISC
IT Security Consultant
Barclays Global Information Security - GISTR
Email: pn...@barclaycardus.com

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
