Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd January 2012, 21:46
mario_antonio mario_antonio is offline
Junior Member
 
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPconfig heart beat and Modsecurity

I am noticing (after digging around) that the crontab that ispconfig run every minute generates a get request every five minutes ...

These are the log entries:
127.0.0.1 - - [03/Jan/2012:14:25:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:30:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:35:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:40:02 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:45:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"

These requests are cluttering my Modsecurity logs:
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity_rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "29"] [id "960008"] [rev "2.2.3"] [msg "Request Missing a Host Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Action: Intercepted (phase 2)

Is there a way to prevent Ispconfig from generating these type of requests ?

M.A.
Reply With Quote
Sponsored Links
  #2  
Old 4th January 2012, 14:58
mario_antonio mario_antonio is offline
Junior Member
 
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is the piece of code generating those requests ....

/usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php

/* Monitor Webserver */
$data['webserver'] = -1; // unknown - not needed
if ($services['web_server'] == 1) {
if ($this->_checkTcp('localhost', 80)) {
$data['webserver'] = 1;
} else {
$data['webserver'] = 0;
$state = 'error'; // because service is down
}
}

-----------------

private function _checkTcp($host, $port) {
/* Try to open a connection */
$fp = @fsockopen($host, $port, $errno, $errstr, 2);

if ($fp) {
/*
* We got a connection, this means, everything is O.K.
* But maybe we are able to do more deep testing?
*/
if ($port == 80) {
/*
* Port 80 means, testing APACHE
* So we can do a deepter test and try to get data over this connection.
* (if apache hangs, we get a connection but a timeout by trying to GET the data!)
*/
fwrite($fp, "GET / HTTP/1.0\r\n\r\n");
stream_set_timeout($fp, 5); // Timeout after 5 seconds
$res = fread($fp, 10); // try to get 10 bytes (enough to test!)
$info = stream_get_meta_data($fp);
if ($info['timed_out']) {
return false; // Apache was not able to send data over this connection
}
}

/* The connection is no longer needed */
fclose($fp);
------------------
Reply With Quote
  #3  
Old 4th January 2012, 15:18
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,509
Thanks: 815
Thanked 5,268 Times in 4,130 Posts
Default

Replace line:

Code:
fwrite($fp, "GET / HTTP/1.0\r\n\r\n");
with:

Code:
$out = "GET / HTTP/1.1\r\n";
$out .= "Host: localhost\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 4th January 2012, 15:52
mario_antonio mario_antonio is offline
Junior Member
 
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Till,

Thanks for the suggestion (it Worked!)

But To keep ModSEcurity happy, I had to add the User Agent Header too ...

$out .= "Host: localhost\r\n";
$out .= "User-Agent: IspConfig Monitor\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);

M.A.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 01:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.