Re: [Owasp-modsecurity-core-rule-set] proxy

Thu, 10 Jul 2014 21:54:07 -0700

Yes, I understand that. I have a Company Website that displays a few information pages (text and graphics) and a ContactUs form. Are there any rules automatically enabled in modsecurity, to avoid the http requests that I have shown ? I mean will it start doing the prevention automatically for atleast some kind of http requests ? 

Thanks.

On 07/11/2014 10:04 AM, Mr XYZ 123 wrote:

Hi,
You can prevent these types of fuzzes by using mod_security..
but using all rules can void functionality of web app.
So you have to configure / whitelist security rules manually.. according to access/error_log 
or according to need of web application.



> Date: Fri, 11 Jul 2014 08:26:43 +0530
> From: aniyan.raj...@gmail.com
> To: owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: [Owasp-modsecurity-core-rule-set] proxy
>
> Hello,
>
> I have set up a new VPS. I haven't install mod_security yet. I am seeing 
> the following lines in /var/log/apache2/access.log
>
> 37.187.44.90 - - [11/Jul/2014:01:13:44 +0000] "HEAD
> http://128.111.222.22:80/phpMyAdmin3/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:44 +0000] "HEAD
> http://128.111.222.22:80/phpMyAdmin-3/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:45 +0000] "HEAD
> http://128.111.222.22:80/php-my-admin/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:45 +0000] "HEAD
> http://128.111.222.22:80/PMA2012/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:45 +0000] "HEAD
> http://128.111.222.22:80/pma2012/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:45 +0000] "HEAD
> http://128.111.222.22:80/PMA2011/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:45 +0000] "HEAD
> http://128.111.222.22:80/pma2011/ HTTP/1.1" 404 202 "-" "Jorgee"
> 37.187.44.90 - - [11/Jul/2014:01:13:46 +0000] "HEAD
> http://128.111.222.22:80/phpmanager/ HTTP/1.1" 404 202 "-" "Jorgee"
>
> I think these are some nasty requests. How can I avoid these kind of
> requests ? Will installing mod_security help ?
>
> I can see: #ProxyVia Off in /etc/apache2/mods-available/proxy.conf. If I 
> uncomment this line, will it prevent the above requests ?
>
>
> Please suggest.
> Thanks.
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set



_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to