Search DaniWeb - modsecurity

ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by bops …) I noticed that I was getting numerous errors from ModSecurity, such as: [Mon Aug 12 16:34:45 …:11:33 2013] [error] [client XX.XXX.XXX.XXX] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null).…conf"] [line "93"] [msg "ModSecurity internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"] [hostname "… Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by cereal … these instructions: * https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#start-apache-httpd In addition…my previous post I was referring to this error: ModSecurity: Rule execution error - PCRE limits exceeded (-8): …example, these rule sets are in: /usr/share/modsecurity-crs/ And are divided by `base`, `experimental` … Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by bops …errors but I'm still getting the following: ModSecurity: Rule execution error - PCRE limits exceeded (-8…index.php"] [unique_id "UtVCLm1shFcAAElrMJoAAAAD"] ModSecurity: Access denied with code 403 (phase 2). … [line "93"] [msg "ModSecurity internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"] [hostname … Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by bops …54 2014] [error] [client <IP ADDRESS>] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null…54 2014] [error] [client <IP ADDRESS>] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null…quot;] [line "94"] [msg "ModSecurity internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"] [hostname &… Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by bops …;!@streq 0" \ "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by cereal Hi! If your current errors are the same of the above (Aug 2013) there are also few permissions errors, maybe Apache cannot write/read to those DBM files? Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by cereal Ok, what is missing here is the rule that generates the error, between `Rule` and `execution error` there should be the rule id and the filename in which this is saved. Try to increase to `9` the level of the mod_security debug log, then reload Apache: SecDebugLog /tmp/modsecurity_debug.log SecDebugLogLevel 9 And reload the test page… Re: ModSecurity - PCRE limits with no Regular Expressions 10 Years Ago by bops Ok, I'll have a bash with your suggestions and advice. Thanks for the help. I'll post back if I manage to fix it somehow. Cheers! Shell Script that will Parse IPs off Apache Log 16 Years Ago by ionzone …22:18:46 2008] [error] [client 111.222.11.22] ModSecurity: Access denied with code 406 (phase 2). Pattern match "…22:19:38 2008] [error] [client 111.222.11.22] ModSecurity: Access denied with code 406 (phase 2). Pattern match "…:19:43 2008] [error] [client 111.222.11.22] ModSecurity: Access denied with code 406 (phase 2). Pattern match "… Mod Security is a pain 10 Years Ago by bops …) I noticed that I was getting numerous errors from ModSecurity, such as: [Mon Aug 12 16:34:45 …:11:33 2013] [error] [client XX.XXX.XXX.XXX] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null).…conf"] [line "93"] [msg "ModSecurity internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"] [hostname "… help parsing log 16 Years Ago by phynias i have a modsecurity log that i want to pull a couple things from. … SYN Attach â€“ 6 Months â€“ Thousands Of Request A Second â€“ Maybe Hacked â€“ Donâ€™t Know 14 Years Ago by phpfreek2007 … ############# fwsnort, bfd burnintest chkrootkit ddos faf lsm nobody_check sim apf ############# modsecurity-apache LoadModule evasive20_module /usr/lib64/httpd/modules/mod_evasive20.so <… 501 Method Not Implemented 13 Years Ago by luiii … scan on google says my hosts need to enable a ModSecurity exception? I have no idea what that means sorry. Is… Re: 501 Method Not Implemented 13 Years Ago by Kieran Y5 … mins... I don't *think* you need to enable some ModSecurity thingy, although I haven't heard of it before... You… Decrypting VB.Net (14) System.Security.Cryptography salted password in PHP 7 Years Ago by AndreRet … like this - Imports System.Security.Cryptography Imports System.Text Module modSecurity Public Function GetSaltedHash(pw As String, salt As String) As… Re: soap security 17 Years Ago by kuom …'s mod_security that might provide similar functionality: [URL]http://www.modsecurity.org/[/URL] In my project, we have dedicated web servers… Re: installation of php 5.3.27 with apache 2.4.4 10 Years Ago by veedeoo … a BITNAMI WAMP Stack bundled with phpMyAdmin, SQLite, Varnish, ImageMagick, ModSecurity, XDebug, Xcache, OAuth, Memcache, FastCGI, APC, GD, OpenSSL, CURL, openLDAP… Re: Request Processing in PHP 10 Years Ago by darne_1 … PHP but at the core level perhaps C module like modsecurity. Re: Shell Script that will Parse IPs off Apache Log 16 Years Ago by dandan [code]cat /usr/local/apache/logs/error_log|grep "Access denied with code 406"|grep -o -P "(?<= \[error\] \[client )[^]]*"|sort|uniq>> /etc/blocklist[/code] Re: Mod Security is a pain 10 Years Ago by bops Nothing at all? :/ Re: Mod Security is a pain 10 Years Ago by bops Reposting this in the Apache forum. Delete at will! Thanks. Re: help parsing log 16 Years Ago by eggi Hey There, Here's a cheap hack: [CODE]awk -F"[" '{print $3 " " $5 " " $9 " " $12}' LOGFILE|sed 's/^\([^\/]*\)\/[^\/]*\(\/[^]]*\)][^\"]*\"\([^\"]*\)\"[^\"]*\"\([^\"]*\)\".*/\3\|\1\|\2\|\4/'[/CODE] If you always get the double /'s on your directory path, just … Re: help parsing log 16 Years Ago by ghostdog74 [code] awk 'BEGIN{FS="[]].[[]|[[]|[]]"} { gsub(/id|\"/,"",$13) split($3,a,"/") gsub("tag","",$16) print $13,a[1],$7,$16 }' file [/code] Re: help parsing log 15 Years Ago by manik007 I am trying to create a shell script which should parse the logs from SystemOut.log file for a certain pattern for eg. Timeout. i am creating this shell in my home directory which is /home/manik/ and the Systemout.log file location is /opt/---/---/NodeA/logs/Server_name/SystemOut.log can anyone help me create this shell script Thank you … Re: help parsing log 15 Years Ago by JeoSaurus Hi Manik, you might want to start a new thread, since this was was solved back in March :) If this isn't what you're looking for, please start a new thread with more details. From what you've given us so far, it sounds like you just need to do something like: [icode]grep Timeout /opt/---/---/NodeA/logs/Server_name/SystemOut.log[/icode] Not … Re: help parsing log 15 Years Ago by manik007 i tried to do that but it will display me the details of the SystemOut.log file on the page but i want to capture all line which matches the pattern (TimeOut), there are more then one SystemOut.log file and i want to print out the details of all the files and save it in a folder in my home directly with the file name they are coming from. Re: help parsing log 15 Years Ago by manik007 #!/bin/sh T1=`grep -i SocketTimeout /opt/---/---/NodeA/logs/Server_Name/SystemOut.log` T2=`cat /opt/---/---/NodeA/logs/Server_Name/SystemOut.log | wc -l` T3=$(($T2 - $T1)) tail $T3 /opt/---/---/NodeA/logs/Server_Name/SystemOut.log > 123 I tried to create somthing like this but it gave me some errors , dosen't seem to work Re: help parsing log 15 Years Ago by eggi Hey There, Maybe something along the lines of: [CODE]find /opt/---/---/NodeA/logs/Server_name/ -name "*SystemOut*"|xargs -I var grep -i Timeout "var" /dev/null >DUMPFILE 2>&1[/CODE] you need the extra /dev/null in the xargs grep, so that the filename will show up in the grep output. This code isn't exact, but… Re: help parsing log 15 Years Ago by manik007 Can you please explain me the DUMPFILE i could not understand that......i am really new to this and i want to understand the whole thing... Thank you Re: SYN Attach â€“ 6 Months â€“ Thousands Of Request A Second â€“ Maybe Hacked â€“ Donâ€™t Know 14 Years Ago by phpfreek2007 Hi, Any idea regarding specific firewall which can stop the request for specific URL at entry point? Sam