HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   mod_security breaking ispc (http://www.howtoforge.com/forums/showthread.php?t=14549)

rickconn 7th August 2007 01:48

mod_security breaking ispc
 
Gday Team,

I have debian etch with ispc 2.2.14

I have installed mod_security 2.1.1-0

I am concerned about breaking somthing in ispc.


I found the following in my log file.

The following entry relates to the domain for ispconfig not for hosted domains.
These errors are 'CRITICAL' and I guess it means ispconf will not be able to
do something it need to.

[07/Aug/2007:01:15:13 +1000] [tld.mydomain.com/sid#8292580][rid#856aab8][/][2]
Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"]
[msg "Request Missing an Accept Header"] [severity "CRITICAL"]
:eek:

After commenting out The above rule, I get the following 'critical' error

[07/Aug/2007:01:19:48 +1000] [tld.mydomain.com/sid#82942b0][rid#857f5f8][/][2]
Warning. Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [id "960032"]
[msg "Method is not allowed by policy"] [severity "CRITICAL"]
:eek:

After comment out both rules, I have no more errors for my ispconfig domain,
however I also do not have those rules being applied to my hosted domains.

Can someone please help with writing a rule to exclude ispconfigs domain only,
so the above rule can be used again.

Thankyou for your time and effort.

Cheers
Rick :cool:

AlArenal 7th August 2007 10:28

ISPC comes with it's own apache webserver. So if you install mod_security on Debian Etch, it is "only" integrated in the distribution's apache serving the webpages, not within ISPC's apache.


All times are GMT +2. The time now is 11:11.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.