Steve McKinney | 2 Mar 00:20

403 Forbidden error

I am running hardened-gentoo (with grsecurity) and have apache 2.0.55. 
I have installed mod_security 1.87 (the latest version gentoo has marked 
stable) and am using the chroot feature.

When I try to access a page using:

links http://127.0.0.1

I receive a 403 Forbidden error saying that I do not have permission to 
access / on this server.

I can access the page if I turn off mod_security

My current DocumentRoot is set to /var/www/localhost/htdocs/

So my html files are in:

/var/chroot/apache2/var/www/localhost/htdocs/

The permissions are the same on the real DocumentRoot as they are on the 
DocumentRoot inside the jail.

Any thoughts?

Thanks,
Steve


Ivan Ristic | 2 Mar 00:41

Re: 403 Forbidden error

Steve McKinney wrote:
> I am running hardened-gentoo (with grsecurity) and have apache 2.0.55. I
> have installed mod_security 1.87 (the latest version gentoo has marked
> stable) and am using the chroot feature.
> 
> When I try to access a page using:
> 
> links http://127.0.0.1
> 
> I receive a 403 Forbidden error saying that I do not have permission to
> access / on this server.
> 
> I can access the page if I turn off mod_security
> 
> My current DocumentRoot is set to /var/www/localhost/htdocs/
> 
> So my html files are in:
> 
> /var/chroot/apache2/var/www/localhost/htdocs/
> 
> The permissions are the same on the real DocumentRoot as they are on the
> DocumentRoot inside the jail.
> 
> Any thoughts?

  The message in the error log will give you a clue as to
  what might be the problem.

  My guess is that you need something like:


Ivan Ristic | 2 Mar 01:30

Re: 403 Forbidden error

Steve McKinney wrote:
> I am running hardened-gentoo (with grsecurity) and have apache 2.0.55. I
> have installed mod_security 1.87 (the latest version gentoo has marked
> stable) and am using the chroot feature.
> 
> When I try to access a page using:
> 
> links http://127.0.0.1
> 
> I receive a 403 Forbidden error saying that I do not have permission to
> access / on this server.
> 
> I can access the page if I turn off mod_security
> 
> My current DocumentRoot is set to /var/www/localhost/htdocs/
> 
> So my html files are in:
> 
> /var/chroot/apache2/var/www/localhost/htdocs/
> 
> The permissions are the same on the real DocumentRoot as they are on the
> DocumentRoot inside the jail.

  For the list: the permissions on /var/chroot/apache2 were incorrect.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
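
The cause reported in the message above, wrong permissions on the jail directory itself rather than on the DocumentRoot inside it, can be checked by walking every directory on the path. The following is an added example, not part of the original thread or of ModSecurity; the function name `unsearchable_dirs` is hypothetical, and it assumes the Apache worker user is neither the owner nor in the group of these directories, so only the "other" search bit is inspected.

```shell
#!/bin/sh
# Added example (not from the thread): print every directory from START down
# to TARGET, both inclusive, that lacks the "other" search (x) bit.
# Assumption: the Apache worker user is neither owner nor group member of
# these directories, so the "other" bit is what path resolution depends on.
#
# For the layout in the thread the call would be:
#   unsearchable_dirs / /var/chroot/apache2/var/www/localhost/htdocs

unsearchable_dirs() {
    start=${1%/}
    target=${2%/}
    case "$target/" in
        "$start"/*) ;;
        *) echo "target is not below start" >&2; return 2 ;;
    esac
    rest=${target#"$start"}          # remaining components, e.g. /var/www
    dir=$start
    while :; do
        check=${dir:-/}              # an empty prefix means the root directory
        # Character 10 of the ls -ld mode string is the "other" execute bit;
        # "x" or "t" (sticky plus execute) means the directory is searchable.
        bit=$(ls -ld "$check" | cut -c10)
        case "$bit" in
            x|t) ;;
            *) printf '%s\n' "$check" ;;
        esac
        [ -z "$rest" ] && break
        rest=${rest#/}
        dir=$dir/${rest%%/*}         # descend one component
        case "$rest" in
            */*) rest=/${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}
```

An empty result means every directory on the path is searchable by "other"; any line printed names a directory, such as the jail root, that would stop the lookup before the DocumentRoot is ever reached.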

Kamil.Golombek | 2 Mar 17:09

apache 2.2.0 and mod_security 1.9.2 causes crash under suse 9.3

Hello all, 

I would like to ask whether anybody has met a problem similar to ours:

The combination of apache 2.2.0 and mod_security 1.9.2 causes a crash
under SuSE 9.3. 
Both apache and mod_security compile w/o errors, but every request with
mod_security enabled causes a SIGSEGV in the current thread.
The reason is that the function ap_get_module_config is called with zero in
the module pointer (m).
The bug is the same under the worker and prefork MPMs.

More details are included in attachment. 

We have had this problem since the upgrade from apache 2.0 to 2.2 (mainly
because we needed to use new features in mod_proxy). For 2.0 we compiled
(and created an RPM of) mod_security 1.9.2 with no problems, but the similar
process failed with 2.2. We are not sure whether the problem is more in
SuSE or mod_security. 

Any help is appreciated

Thanks

Kamil Golombek & BDO IT team

Attachment (mod_security.debug.tgz): application/x-compressed, 92 KiB

Jeff Haney | 2 Mar 17:37

Access denied with code 403. IP Info: Failed to open IP Address DB

I'm trying to upgrade my Apache, PHP & mod_security installs to the latest versions and I'm getting the
following error:

Access denied with code 403. IP Info: Failed to open IP Address DB (2): No such file or directory

I'm running Apache 2.2.0, PHP  5.1.2 and mod_security nightly cvs snapshot from March 1 (tried
mod_security 1.9.2 too).  I installed mod_security using the "Static installation with Apache 2.x" method.

This occurs on every page and any time mod_security is enabled, even with no rules specified.  I'm running
Apache in a chrooted jail but was having some difficulty getting the mod_security chroot working.  I have
it working with another installation and intend to work through it on this install but for now I've copied
libraries to the chroot jail and I'm doing it the old fashioned way.

The error seems to indicate it's looking for some sort of file, an IP database of some type?  The frustrating
thing is I don't see this mentioned in the doc anywhere, if it is I haven't been able to find it.

I have another installation on a different server with a similar environment and I'm not having this
problem.  That environment is using php 4.4.1 and is using mod_security's chroot function.  Those two
things are the major differences, everything else is very similar to the environment with the problem.

Any help would be greatly appreciated.

Thanks,

-jah


Ivan Ristic | 2 Mar 18:21

Re: Access denied with code 403. IP Info: Failed to open IP Address DB

Jeff Haney wrote:
> I'm trying to upgrade my Apache, PHP & mod_security installs to the
> latest versions

  BTW, if you are looking for production-quality code stick
  with 1.9.x. What you got from the CVS is 2.0.0-dev1.

> and I'm getting the following error:
> 
> Access denied with code 403. IP Info: Failed to open IP Address DB
> (2): No such file or directory

  ModSecurity will attempt to open/create an IP database in
  <SERVER_ROOT>/logs/. This is not yet configurable.

> The frustrating thing is I don't see this mentioned in the doc
> anywhere, if it is I haven't been able to find it.

  As I said, it's the development branch. The docs will be available
  in a few days.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net


Ivan Ristic | 2 Mar 18:31

Re: apache 2.2.0 and mod_security 1.9.2 causes crash under suse 9.3

Kamil.Golombek <at> bdo-it.com wrote:
> Hello all, 
> 
> I would like to ask whether anybody has met a problem similar to ours:
> 
> The combination of apache 2.2.0 and mod_security 1.9.2 causes a crash
> under SuSE 9.3. 

  FYI, I am successfully using Apache 2.2.0 on Debian 3.1.

> Both apache and mod_security compile w/o errors, but every request with
> mod_security enabled causes a SIGSEGV in the current thread.
> The reason is that the function ap_get_module_config is called with zero in
> the module pointer (m).
> The bug is the same under the worker and prefork MPMs.

  This sounds like some Apache problem. The NULL value is supplied
  by Apache.

> We have had this problem since the upgrade from apache 2.0 to 2.2 (mainly
> because we needed to use new features in mod_proxy). For 2.0 we compiled
> (and created an RPM of) mod_security 1.9.2 with no problems, but the similar
> process failed with 2.2. We are not sure whether the problem is more in
> SuSE or mod_security. 

  Are you able to run any other third-party modules compiled via DSO?

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com

Jeff Haney | 2 Mar 19:08

Re: Access denied with code 403. IP Info: Failed to open IP Address DB

I thought I had tried 1.9.2 with the same results but obviously I was mistaken.  I'm not sure how I got confused
about that but it's probably got something to do with having two Apache installations running on this
machine, each in separate jails, doing the chroot myself and having to copy installation directories
around.  Anyway - as expected, it works fine with mod_security 1.9.2.  Thanks for putting me back on track
Ivan, sorry to have bothered you with this careless mistake.

And thanks for writing such an incredible piece of software :)

>Jeff Haney wrote:
>> I'm trying to upgrade my Apache, PHP & mod_security installs to the
>> latest versions
>
>  BTW, if you are looking for production-quality code stick
>  with 1.9.x. What you got from the CVS is 2.0.0-dev1.
>
>
>> and I'm getting the following error:
>> 
>> Access denied with code 403. IP Info: Failed to open IP Address DB
>> (2): No such file or directory
>
>  ModSecurity will attempt to open/create an IP database in
>  <SERVER_ROOT>/logs/. This is not yet configurable.
>
>
>> The frustrating thing is I don't see this mentioned in the doc
>> anywhere, if it is I haven't been able to find it.
>
>  As I said, it's the development branch. The docs will be available
>  in a few days.

To perform rule before "?"


Hi,

I implement rules which must be performed before a "?" and not after.

I would like to use an attribute like SCRIPT_URI but ModSecurity seems to not understand it.

The syntax I use is like the following:

--> In httpd.conf:

SecFilterSelective [ATTRIBUTE] "[character to deny]" id:1000
...
SecFilter "[character to deny]" id:1010

--> In mapping.conf:

<Location /URI/>
SecFilterRemove 1001 1005
</Location>

Any ideas?

Regards,
Christophe


Kamil Golombek | 6 Mar 16:02

Re: apache 2.2.0 and mod_security 1.9.2 causes crash under suse 9.3

Hello, 

We tried a few of the recommended things, like compilation without optimization. 
The segmentation fault is still there, but looks a little bit different :-(. FYI 
the version of gcc is 3.3.5 20050117 (prerelease) (SUSE Linux). It looks like 
mod_security evaluates the request as bad and tries to generate error output and 
errorlog. And at the same moment it dies. 

I'm not aware of any other module compiled via DSO, but I have to check whether 
SuSE does something like that.

I don't know if it helps ... any ideas?

Thanks

Kamil Golombek
Attachment (apache2_log.tgz): application/x-tgz, 55 KiB
