HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Server Operation (
-   -   apache2 modsecurity in etch (

gabrix 4th May 2007 14:41

apache2 modsecurity in etch
I don't find apache2 mod-security in etch repositories. why is that ?Building it from source was out of my knowledge , how can i do without ?Is any alternative ?
Thanks !!!

x13317 4th May 2007 18:09

IIRC, it's been removed due to licensing issues. The original maintainer has a private repository at

Proceed at your own peril.

gabrix 5th May 2007 14:54


root@www:~# apt-cache search apache2 | grep mod-security2
libapache2-mod-security2 - Tighten web applications security for Apache 2.x
mod-security2-common - Tighten web applications security - common files
Pardon modsecurity exists still .i have a big problem: wherever i am if i run all passwords shows off .... permissions are:

-rw------- 1 root root 1726 2007-05-04 12:39 /etc/passwd
i put a.c.l. directories in apache2.conf :

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
<Directory /web>
Order Allow,Deny
Allow from all
I have a2enmod mod-security2 and got all rules from gotroot site and it still shows off , it's a big problem never had before in stable sarge what shall i do ???

falko 5th May 2007 17:33


Originally Posted by gabrix
Pardon modsecurity exists still .

As far as I know mod_security doesn't exist in the official Debian Etch repositories anymore. What's in your /etc/apt/sources.list?

gabrix 8th May 2007 20:50


deb etch main non-free contrib
deb-src etch main non-free contrib
deb etch main
deb-src etch main
deb etch/updates main contrib non-free
deb-src etch/updates main contrib non-free
This is my sources.list and with or without the modsecurity the problem remains !!!

falko 9th May 2007 19:32

You can install apache2-devel and then compile as shown in the instructions (use apxs2 instead of apxs). Restart Apache2 afterwards, and mod_security should work again.
But I couldn't compile mod_security 2.1.1 on Debian Etch...

gabrix 9th May 2007 23:03

I don't actually see which change i made did make stop going on the "/" but now everything is allright
Quote: - - [09/May/2007:22:00:56 +0200] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070309 Firefox/"
The modsecurity audit.log is empty,so i think is because i put " " around the / in apache2.conf acl.

All times are GMT +2. The time now is 14:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.