headers
Brian Rectanus | 4 Aug 06:39

Re: ModSecurity 2.5.6 Released

It does not seem a likely error caused by ModSecurity as the request is 
not altered.  Does it go away without ModSecurity?  Was this an upgrade 
of ModSecurity or a new install?  Is this a proxy install or installed 
into the same Apache as IPS?

Upon a cursory google search, the error may be a load issue and/or a 
corrupted DB.  Contact the vendor and see what could cause the error.

-B

Grant Peel wrote:
> Hi all,
> 
> After installing mod_security, I have a cleints Invision Power Board that is
> returning this error.
> 
>   IPS Driver Error
>   There appears to be an error with the database.
>   You can try to refresh the page by clicking here
> 
> 
>   Odyly enough, I don't see anything in the logs....
> 
>   Any ideas?
> 
>   -Grant
> ----- Original Message -----
> From: "Brian Rectanus" <Brian.Rectanus <at> breach.com>
> To: "Mod Security" <mod-security-users <at> lists.sourceforge.net>; "Mod
> Packagers" <mod-security-packagers <at> lists.sourceforge.net>
> Sent: Friday, August 01, 2008 12:49 PM
> Subject: [mod-security-users] ModSecurity 2.5.6 Released
> 
> 
>  > ModSecurity 2.5.6 was released earlier today.  This is a major bugfix
>  > release that  fixes issues associated with transformation caching which
>  > may result in an Apache crash or possibly evading ModSecurity under
>  > certain circumstances.  If you are using ModSecurity 2.5 you are advised
>  > to immediately apply a workaround and upgrade as soon as possible.
>  >
>  > Packages can be downloaded from modsecurity.org as always.
>  >
>  > To work around these issues until you can upgrade, use the following
>  > directive to disable transformation caching:
>  >
>  > SecCacheTransformations Off
>  >
>  >
>  > 31 Jul 2008 - 2.5.6
>  > -------------------
>  >
>  >  * Transformation caching has been deprecated, and is now off by
>  > default. We now advise against using transformation caching in 
> production.
>  >
>  >  * Fixed two separate transformation caching issues that could cause
>  > incorrect content inspection in some circumstances.
>  >
>  >  * Fixed an issue with the transformation cache using too much RAM,
>  > potentially crashing Apache with a large number of cache entries. Two
>  > new configuration options have been added to allow for a finer control
>  > of caching:
>  >
>  >      maxitems: Max number of items to cache (default 1024)
>  >      incremental: Whether to cache incrementally (default off)
>  >
>  >  * Added an experimental regression testing suite. The regression suite
>  > may be executed via "make test-regression", however it is strongly
>  > advised to only be executed on a non-production machine as it will
>  > startup the Apache web server that ModSecurity is compiled against with
>  > various configurations in which it will run tests.
>  >
>  >  * Added a licensing exception so that ModSecurity can be used in a
>  > derivative work when that derivative is also under an approved open
>  > source license.
>  >
>  >  * Updated mlogc to version 1.4.5 which adds a LockFile directive and
>  > fixes an issue in which the configuration file may be deleted.
>  >
>  >
>  > --
>  > Brian Rectanus
>  > Breach Security
>  >
>  > -------------------------------------------------------------------------
>  > This SF.Net email is sponsored by the Moblin Your Move Developer's
>  > challenge
>  > Build the coolest Linux based applications with Moblin SDK & win great
>  > prizes
>  > Grand prize is a trip for two to an Open Source event anywhere in the
>  > world
>  > http://moblin-contest.org/redirect.php?banner_id=100&url=/ 
> <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
>  > _______________________________________________
>  > mod-security-users mailing list
>  > mod-security-users <at> lists.sourceforge.net
>  > https://lists.sourceforge.net/lists/listinfo/mod-security-users
>  >
>  >
> 
> 
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great 
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/ 
> <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> 

--

-- 
Brian Rectanus
Breach Security

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Permalink | Reply |

Gmane