subject:"Re\\\: \\\[Owasp\\\-modsecurity\\\-core\\\-rule\\\-set\\\] Drupal 7, nginx with ModSecurity \\\- How to resolve that 404 error page please\\\?"

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

2016-12-01 Thread Matej Zuzčák

Hello Ehsan, Christian and Michael

thank you for your replies. So I will try use of nginx connector module.

Best Regards
Matej Zuzcak

Dňa 1.12.2016 o 10:53 Ehsan Mahdavi napísal(a):
> Dear Christian
> It isn't very odd to me if Matej uses Nginx with Modsec V2.x.
>
> As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it
> looks like to a known bug. While using nginx+modsecV2.x in reverse
> proxy mode (which is not the case for Matej) we have the very same
> issue for some post requests.
> I can refer you to these links:
>
> http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502
> 
> https://github.com/SpiderLabs/ModSecurity/issues/115
> 
> https://github.com/SpiderLabs/ModSecurity/issues/582
> 
> https://github.com/SpiderLabs/ModSecurity/issues/664
> 
> https://github.com/SpiderLabs/ModSecurity/issues/748
> 
>
>
> All complaining about this problem and no one takes the responsibility.
> The only way is to disable modsec for the requested uri and wait for
> the community to release modsec V3.0 or higher and hope that this bug
> will be fixed.
>
> Meantime he/she might find ctl:ruleEngine=off
>  useful.
>
> Br. Ehsan
>
> On Thu, Dec 1, 2016 at 11:56 AM, Christian Folini
> > wrote:
>
> Hello Matej,
>
> I had hoped somebody with an NginX could shed some light on this. But
> apparently not.
>
> It is very odd. Your server says he can not open a certain file
> (does it exist? permissions ok?) but then it seems that ModSec
> influences the behaviour of the server down to opening files.
> And that sounds quite crazy.
>
> On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote:
> > OWASP rule set. But when I active ModSecurity in my virtual host
> config
> > file for my Drupal 7 web I do not login, register or reset
> password with
> > this error in log:
>
> You English is a bit hard to understand here. Could you rephrase,
> please?
>
> > I found some solutions for Apache web server (these solutions use
> > modifications of htaccess file), but not for Nginx.
>
> What was the problem with Apache exactly and what did you modify in
> the .htaccess file to make it go away?
>
> Cheers,
>
> Christian
>
>
> --
> https://www.feistyduck.com/training/modsecurity-training-course
> 
> mailto:christian.fol...@netnea.com
> 
> twitter: @ChrFolini
> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> 
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> 
>
>
>
>
>
> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

___
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

2016-12-01 Thread Ehsan Mahdavi

Dear Christian
It isn't very odd to me if Matej uses Nginx with Modsec V2.x.

As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it looks
like to a known bug. While using nginx+modsecV2.x in reverse proxy mode
(which is not the case for Matej) we have the very same issue for some post
requests.
I can refer you to these links:

http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502
https://github.com/SpiderLabs/ModSecurity/issues/115
https://github.com/SpiderLabs/ModSecurity/issues/582
https://github.com/SpiderLabs/ModSecurity/issues/664
https://github.com/SpiderLabs/ModSecurity/issues/748


All complaining about this problem and no one takes the responsibility.
The only way is to disable modsec for the requested uri and wait for the
community to release modsec V3.0 or higher and hope that this bug will be
fixed.

Meantime he/she might find ctl:ruleEngine=off
 useful
.

Br. Ehsan

On Thu, Dec 1, 2016 at 11:56 AM, Christian Folini <
christian.fol...@netnea.com> wrote:

> Hello Matej,
>
> I had hoped somebody with an NginX could shed some light on this. But
> apparently not.
>
> It is very odd. Your server says he can not open a certain file
> (does it exist? permissions ok?) but then it seems that ModSec
> influences the behaviour of the server down to opening files.
> And that sounds quite crazy.
>
> On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote:
> > OWASP rule set. But when I active ModSecurity in my virtual host config
> > file for my Drupal 7 web I do not login, register or reset password with
> > this error in log:
>
> You English is a bit hard to understand here. Could you rephrase,
> please?
>
> > I found some solutions for Apache web server (these solutions use
> > modifications of htaccess file), but not for Nginx.
>
> What was the problem with Apache exactly and what did you modify in
> the .htaccess file to make it go away?
>
> Cheers,
>
> Christian
>
>
> --
> https://www.feistyduck.com/training/modsecurity-training-course
> mailto:christian.fol...@netnea.com
> twitter: @ChrFolini
> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
___
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

2016-12-01 Thread Christian Folini

Hello Matej,

I had hoped somebody with an NginX could shed some light on this. But
apparently not.

It is very odd. Your server says he can not open a certain file
(does it exist? permissions ok?) but then it seems that ModSec
influences the behaviour of the server down to opening files.
And that sounds quite crazy.

On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote:
> OWASP rule set. But when I active ModSecurity in my virtual host config
> file for my Drupal 7 web I do not login, register or reset password with
> this error in log:

You English is a bit hard to understand here. Could you rephrase,
please?

> I found some solutions for Apache web server (these solutions use
> modifications of htaccess file), but not for Nginx.

What was the problem with Apache exactly and what did you modify in
the .htaccess file to make it go away?

Cheers,

Christian

-- 
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.fol...@netnea.com
twitter: @ChrFolini
___
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

Re: [Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

3 matches

Site Navigation

Mail list logo

Footer information