Vaddiszno
7th October 2008, 15:41
Hi
I am using ispconfig with webalizer on fedora 8. A was able to view the statistics generated by the webalizer before.
After some ispconfig and fedora 8 update cycle now I can't do that.
After the usually login (username/pass) at www.xxxxx.com/stats I am getting this error message.
404 Error - File not found!
The following error occurred:
The requested URL was not found on this server.
Please check the URL or contact the Webmaster.
The file index.html is definitely there.
I've done some experience, so the problem is as follows:
Each html file generated by webalizer contains the line
<!-- Generated by The Webalizer Ver. 2.01-10 -->
However, the file
/etc/httpd/modsecurity.d/modsecurity_crs_50_outbound.conf
contains the line
# Statistics pages revealed
SecRule RESPONSE_BODY "\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware) |analysis was
produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getsta
ts|PeLAB))|[gG]enerated by.{0,100}?[Ww]ebalizer)\b" \
"phase:4,t:none,ctl:auditLogParts=+E,deny,log,audit log,status:404,msg:'Statistics Information Leakage',id:'970002',s
everity:'4'"
So this denies the sending of the .html's over the httpd server which is generated by webalizer.
I didn't want to make a workaround about this for myself, just suggest to fix it.
I am using ispconfig with webalizer on fedora 8. A was able to view the statistics generated by the webalizer before.
After some ispconfig and fedora 8 update cycle now I can't do that.
After the usually login (username/pass) at www.xxxxx.com/stats I am getting this error message.
404 Error - File not found!
The following error occurred:
The requested URL was not found on this server.
Please check the URL or contact the Webmaster.
The file index.html is definitely there.
I've done some experience, so the problem is as follows:
Each html file generated by webalizer contains the line
<!-- Generated by The Webalizer Ver. 2.01-10 -->
However, the file
/etc/httpd/modsecurity.d/modsecurity_crs_50_outbound.conf
contains the line
# Statistics pages revealed
SecRule RESPONSE_BODY "\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware) |analysis was
produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getsta
ts|PeLAB))|[gG]enerated by.{0,100}?[Ww]ebalizer)\b" \
"phase:4,t:none,ctl:auditLogParts=+E,deny,log,audit log,status:404,msg:'Statistics Information Leakage',id:'970002',s
everity:'4'"
So this denies the sending of the .html's over the httpd server which is generated by webalizer.
I didn't want to make a workaround about this for myself, just suggest to fix it.