From: Volkov, Pavel [mailto:pavel.vol...@nuance.com]
Sent: Wednesday, March 20, 2013 4:20 PM
To: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: not running rules in phase 1 and phase 2

Hi,

I have Basic Authentication set up for Apache. I am trying to configure rules to block a user after 3 consecutive unsuccessful logins. The problem for me is that rules are not executed in phases 1 and 2 unless authentication succeeds. It looks like the request is being handled by Apache before it gets to mod_security.

I am using Apache 2.2.3 on CentOS 5.4; the mod_security version is 2.6.8.

In the debug log I don't see any sign of why phases 1 and 2 are skipped.

[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][4] Initialising transaction (txid -m-PDH8AAAEAAB33iMYAAAAA).
[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][4] Transaction context created (dcfg 8900888).
[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][4] Hook insert_error_filter: Adding output filter (r 89874a8).
[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][9] Output filter: Receiving output (f 8989398, r 89874a8).
[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][4] Starting phase RESPONSE_HEADERS.
[20/Mar/2013:10:25:29 --0400] [10.1.82.164/sid#8977c10][rid#89874a8][/escription/mypage.html][9] This phase consists of 7 rule(s).

Does anyone have any ideas?

Thanks,
Pavel

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set