Saturday, April 27, 2013

mod security blocking ips and causing sites to go offline

This can cause site admins to lose access to their sites completely due to automatic blocks by mod security
Error 7 (net::ERR_TIMED_OUT): The operation timed out.

if you get this error on your site then it is most probably  mod_security banning your ip on your server

maybe due to hosting companies using older versions of mod security  software?

Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]

ModSecurity ‏@ModSecurity9h
 You should upgrade ModSecurity to latest 2.7.3 w/restricted htaccess support

However, the fastest way around mod_security issues is to bypass mod_security entirely. Add the line 'SecFilterEngine off' to the .htaccess file in the root of your site . That should turn off mod_security, and allow you to at least verify if that's causing the real problem.

From: Breno Silva>
Date: Friday, March 29, 2013 12:55 PM
To: "mod-security-users">, mod-security-developers>,>
Subject: [mod-security-users] Availability of ModSecurity 2.7.3 Stable Release

The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.7.3 Stable Release.The stability of this release is good and includes many bug fixes.

Many issues and missing features for NGINX module were fixed. NGINX module version is now RC. We have fixed some minor issues for IIS.

We also added some important new features, the ability to load some specific directives into .htaccess files and the SecXmlExternalEntity security feature that will disable by default the possibility to load xml external entities. We recommend all users use this version.

Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod-security-developers


Breno Silva

No comments:

Post a Comment