Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th January 2013, 02:36
aibara aibara is offline
Junior Member
 
Join Date: Apr 2012
Posts: 18
Thanks: 1
Thanked 4 Times in 2 Posts
Default [PROBLEM] Howto install/update modsecurity2 with ispconfig3 for IDA

Hi,

I'm actually using the modsecurity from this tutorial made by Till.
http://www.faqforge.com/category/lin...ls/ispconfig3/

The tutorial works great , and i am very happy with my new implementation.

My problem is very simple, and i know how to solve this.
https://www.modsecurity.org/tracker/browse/MODSEC-288
As explained on the link, there's a bug with {unique_id} variable, what i need is something like :

In file : modsecurity_crs_10_config.conf (main modsecurity config file)
SecDefaultAction "phase:2,log,redirect:http://blabla.com/security/hack.php?ip=%{remote_addr}&regla=%{rule.msg}&id=%{ UNIQUE_ID}"

I need UNIQUE_ID to manage a future script to ban bad requests using iptables.

But when the redirect happens, no unique_id appears.
The bugtracker says that its fixed in 2.7.0, so thats why i need to update.

I have already tried a lot of tutorials, and any of them work.

Dunno what to do now, i'm a little lost.
I Hope someone can help me with this and first of all, thanks for helping.
Reply With Quote
Sponsored Links
  #2  
Old 21st January 2013, 01:01
aibara aibara is offline
Junior Member
 
Join Date: Apr 2012
Posts: 18
Thanks: 1
Thanked 4 Times in 2 Posts
 
Default

Okey, i'm now running modsecurity 2 with owasp 2.7.1 Rules.

For those who want to protect their servers against WEB attacks on a Debian Squeeze read the following Manuals.

First (remember to change the paths in some commands, CHECK IT)
https://github.com/SpiderLabs/ModSec...ion_for_Apache

Second, download and install (follow INSTALL file inside the .tar) the rule set from
https://www.owasp.org/index.php/Cate...le_Set_Project

Third (Optional) - Bann Attackers with iptables
http://spamcleaner.org/en/misc/modsec2ipt.html
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO: create a cronjob in ispconfig3 to start the TYPO3 scheduler service dinsdale Tips/Tricks/Mods 0 25th February 2011 17:36
amavis rejects all inbound emails aclhkaclhk Installation/Configuration 5 28th February 2010 04:24
Virtual Users and Domains howto and the ISPConfig3 howto for Ubuntu 9.10 loubart HOWTO-Related Questions 9 2nd December 2009 15:58
Howto Update Squirrelmail (Ispconfig3 in Debian Lenny) alogoC Installation/Configuration 1 28th September 2009 00:36


All times are GMT +2. The time now is 10:41.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.