Knowledgebase
mod_security errors
Posted by zahirw, 06-22-2011, 08:47 AM | I was getting a very slow response on one of my client servers, the error log had this line
Wed Jun 22 17:26:50 2011] [error] [client 11.22.33.44] ModSecurity: Unable to retrieve collection (name "ip", key "11.22.33.444"). Use SecDataDir to define data directory first. [hostname "www.domain.com"] [uri "/dir/to/receive.php"] [unique_id "qe9DoX8BGYkAAAAI"]
I added SecDataDir /usr/local/apache/modsec_data to modsecurity_crs_10_config.conf after creating and chowning the directory however now we have these errors. The site speed improved though.
[Wed Jun 22 18:02:59 2011] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.com' does NOT match server name!?
[Wed Jun 22 18:03:24 2011] [error] [client 44.33.22.11] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 5, SQLi=, XSS=): Host header is a numeric IP address"] [hostname "44.33.22.11"] [uri "/file.php"] [unique_id "LLQzcX8AAAEAAGAAAAJ"]
[Wed Jun 22 18:12:01 2011] [error] [client 11.22.33.44] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 5, SQLi=, XSS=): Request Missing an Accept Header"] [hostname "www.domain.com"] [uri "/index.php"] [unique_id "S39riX8AAAEAAAAAAK"]
Any idea?
|
Posted by zahirw, 06-22-2011, 04:48 PM | Any takers on this?
|
Posted by mikegotroot, 06-30-2011, 01:28 PM | Those arent errors, you have modsecurity setup in anomaly detection mode. You'll have to tune it for your system, or use rules that are already tuned.
|
|
Add to Favourites
Print this Article |
Also Read