Arthur Dent | 3 May 15:22

Newbie Question - ModSec + SquidGuard

Hello all,

Firstly let me say that, having just installed ModSecurity, I am *very*
impressed with it. Thank you to all the devs for such a great product.

I am not a sysadmin, I just have a simple, largely static, website with
a few bits of dynamic content (e.g. a squirrelmail webmail package serving
up my family's mail from behind an AuthUserFile password-protected area).

I protect my children from undesirable web content by using a squid
proxy server + squidGuard filter.

Prior to installing ModSecurity this worked just fine, redirecting to a
page informing them that the site is blocked.

Now they just get a 400 Bad Request which can be confusing.

I think that ModSecurity is blocking access to the squidGuard.cgi app
which serves up the squidGuard blocking page, but I think ModSecurity is
blocking because it's come via a numeric IP. (see extract from
debug.log)

[03/May/2008:14:09:11 +0100]
[www.mydomain.co.uk/sid#b92b64a8][rid#b97a0f80][/cgi-bin/squidGuard.cgi][1]
Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at
REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP
address"] [severity "CRITICAL"]

This causes problems because my internal network relies heavily on
numerical IP addresses.

Commenting out the above rule in
modsecurity_crs_21_protocol_anomalies.conf allows it all to work
properly again but I am not sure this is the best way to solve the
problem.

Should I create a local rule? If so how? (I might need some
hand-holding...)

Thanks in advance for any help.

Mark

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
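
One way to keep rule 960017 active site-wide while exempting only the squidGuard block page, shown as an added example that is not part of the original post. It assumes ModSecurity 2.x, that this file is loaded after the Core Rule Set files, and that the block page is served from the path shown in the debug.log extract.

```apache
# Local exceptions file (added example; the file name and location are up to you).
# It must be included AFTER modsecurity_crs_21_protocol_anomalies.conf, because
# SecRuleRemoveById only affects rules that have already been defined.

# Broad option, equivalent to commenting the rule out in the CRS file:
# the numeric-IP Host check is lost for every request on the server.
# SecRuleRemoveById 960017

# Narrow option: remove rule 960017 only for the squidGuard block page.
# Every other URL still gets the "Host header is a numeric IP address" check.
# The log extract shows the rule firing in phase 2, which runs after Apache
# has resolved the <Location> block, so the scoped removal takes effect.
<Location /cgi-bin/squidGuard.cgi>
    SecRuleRemoveById 960017
</Location>
```

Keeping the exception in a separate local file means a Core Rule Set upgrade does not silently undo it, and the CRS files stay unmodified.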