headers
Kim Galileo | 1 Oct 22:52
Picon
Favicon

Re: simple question

 
 
Very sorry to bring this up again, this is the licensing clarification you had from your website.
 
1. You should note that it is not possible to combine ModSecurity licensed under GPLv2 with the Apache web server. This is because GPLv2 is not compatible with any of the Apache licences. (For more information see http://www.gnu.org/philosophy/license-list.html#GPLIncompatibleLicenses.)
 
What does this mean, do we have legal and defendable license to use mod-security on apache. This broughtup by our manager, unless we know it is legal and there are no surprises we can't continue to work towards production  based on modsecurity.  What are we missing, would you calrify please.
 
Thanks,


Ivan Ristic <ivan.ristic <at> gmail.com> wrote:
On 9/26/06, Kim Galileo wrote:
>
> I think community involvement becomes difficult because of Apache and GPL
> incomptiblity issues. Let us say you are not with the new company, does
> community and you have legal rights to continue development of mod-security.
> OpenBSD and NetBSD (which is for profit) co-existed because they were
> catering to different user communities, one needs support and othe doesn't.
> There will be less maintenance too, Apache foundation supports several
> important components community needs like mod-ssl, mod-proxy etc. Exisitng
> mod-security users do they really have legal license to use the product,
> because of this incompatiblity issue. By adopting single license these
> problems can be avoided.

I chose GPLv2 for ModSecurity because I believed it would serve its
needs better. GPLv2 ensures whoever adds to the product must give the
changes back to the community and this is exactly why I like it. I
understand this can be debated but I wouldn't want our email exchange
to turn into a licensing debate. I made my choice a long time ago and
it has nothing to do with Breach Security and the acquisition :)

I am not afraid for ModSecurity in the slightest. It's an open source
product based around a very strong licence. It cannot die if the
community doesn't want it to die.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Permalink | Reply | 1 comment |
headers
Ivan Ristic | 2 Oct 09:57
Picon

Re: simple question

On 10/1/06, Kim Galileo <kim.galieo <at> yahoo.com> wrote:
>
> Very sorry to bring this up again, this is the licensing clarification you
> had from your website.

No problem. But have in mind that I am not a lawyer and therefore
cannot give advice.

> 1. You should note that it is not possible to combine ModSecurity licensed
> under GPLv2 with the Apache web server. This is because GPLv2 is not
> compatible with any of the Apache licences. (For more information see
> http://www.gnu.org/philosophy/license-list.html#GPLIncompatibleLicenses.)
>
> What does this mean, do we have legal and defendable license to use
> mod-security on apache. This broughtup by our manager, unless we know it is
> legal and there are no surprises we can't continue to work towards
> production  based on modsecurity.  What are we missing, would you calrify
> please.

I believe the above statement to be true but what's missing there is a
clarification that it is perfectly legal for the end users to combine
ModSecurity (under GPLv2) with Apache and use it, for as long as they
don't redistribute the combination (either as source or as binary).
This is because the incompatible clauses in the respective licences
are only triggered on redistribution.

I will make sure the clarification is added.

--

-- 
Ivan Ristic

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 0 comments |
headers
Ariel Jolodovsky | 2 Oct 16:09
Picon

Re: Vhost support

Thank you guys :)

(Also my previous question about the ApproverScript has been solved because of 
you :))

El Lunes, 2 de Octubre de 2006 5:02 AM, escribió:
> On 9/29/06, Ariel Jolodovsky <ariel <at> powersite.com.ar> wrote:
> > Hi, is there anyway of having control of the Filter per Vhost ?
> > Now I'm using <Location /somedir/≥ to put
> > SecFilterInheritance Off. Is there anyway of putting it but per vhost ?
>
> Yes, just add the signatures into a <VirtualHost> container.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 0 comments |
headers
Peter M. Abraham | 2 Oct 16:47
Favicon

Re: How to exclude two rules

Greetings Ivan:

The rules at 
http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf do 
not include an ID.

I posted the two rules which cause a break.

Changing

SecFilterSelective REQUEST_URI 
"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"

To be

SecFilterSelective REQUEST_URI

"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?" 
id:525252

Gives an error when restarting apache stating the id has to be at the 
start of the chain.

Thank you.

At 04:05 AM 10/2/2006, Ivan Ristic wrote:
>On 9/28/06, Peter M. Abraham <support.team <at> dynamicnet.net> wrote:
>>Greetings:
>>
>>In addition to our own custom rules, we use rules from gotrootkit.com
>>
>>For http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf
>>in particular there are two rules that a client application breaks:
>>
>>
>>SecFilterSelective REQUEST_URI
>>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
>>
>>and
>>
>>SecFilterSelective REQUEST_URI
>>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
>>
>>
>>As part of the path for the client application, it always has the following:
>>
>>         /public/clickTrack.php
>>
>>How can I remove just those two rules?
>
>Ideally, gotroot rules would come with IDs already in place making it
>easy for you to use SecFilterRemove.
>
>
>>I tried SecFilterRemove from
>>http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/03-configuration.html
>>but I cannot individually label the above two rules as I get another
>>error message (that prevents Apache from starting at all) stating the
>>ID must be the first part of the chain.
>
>I think that's the correct course of action. Can you please include
>the bits that cause an error?
>
>--
>Ivan Ristic

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 6 comments |
headers
Steve West | 2 Oct 17:09
Picon
Favicon

Re: How to exclude two rules

--- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:

> Changing
> 
> SecFilterSelective REQUEST_URI 
>
"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> 
> To be
> 
> SecFilterSelective REQUEST_URI 
>
"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> 
> id:525252
> 
> Gives an error when restarting apache stating the id has to be at the 
> start of the chain.

try putting the id in quotes like this:

SecFilterSelective REQUEST_URI
"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
"id:525252"

Also please do report this issue to Michael @ gotroot.com:
http://gotroot.com/tiki-index.php?page=Add+a+new+Rule

SW

 
> At 04:05 AM 10/2/2006, Ivan Ristic wrote:
> >On 9/28/06, Peter M. Abraham <support.team <at> dynamicnet.net> wrote:
> >>Greetings:
> >>
> >>In addition to our own custom rules, we use rules from gotrootkit.com
> >>
> >>For http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf
> >>in particular there are two rules that a client application breaks:
> >>
> >>
> >>SecFilterSelective REQUEST_URI
>
>>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
> >>
> >>and
> >>
> >>SecFilterSelective REQUEST_URI
>
>>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> >>
> >>
> >>As part of the path for the client application, it always has the
> following:
> >>
> >>         /public/clickTrack.php
> >>
> >>How can I remove just those two rules?
> >
> >Ideally, gotroot rules would come with IDs already in place making it
> >easy for you to use SecFilterRemove.
> >
> >
> >>I tried SecFilterRemove from
>
>>http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/03-configuration.html
> >>but I cannot individually label the above two rules as I get another
> >>error message (that prevents Apache from starting at all) stating the
> >>ID must be the first part of the chain.
> >
> >I think that's the correct course of action. Can you please include
> >the bits that cause an error?
> >
> >--
> >Ivan Ristic
> 
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 4 comments |
headers
Peter M. Abraham | 2 Oct 17:37
Favicon

Re: How to exclude two rules

Greetings:

Even with quotes, I get

         Starting httpd: Syntax error on line 28 of 
/etc/mod_security/rootkits.conf:
         Action "id" cannot be used on a chained rule that did not 
start the chain

Thank you.

At 11:09 AM 10/2/2006, Steve West wrote:
>--- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:
>
> > Changing
> >
> > SecFilterSelective REQUEST_URI
> >
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> >
> > To be
> >
> > SecFilterSelective REQUEST_URI
> >
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> >
> > id:525252
> >
> > Gives an error when restarting apache stating the id has to be at the
> > start of the chain.
>
>try putting the id in quotes like this:
>
>
>SecFilterSelective REQUEST_URI
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
>"id:525252"
>
>Also please do report this issue to Michael @ gotroot.com:
>http://gotroot.com/tiki-index.php?page=Add+a+new+Rule
>
>SW

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 3 comments |
headers
Steve West | 2 Oct 18:28
Picon
Favicon

Re: How to exclude two rules

--- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:

> Even with quotes, I get
>
>          Starting httpd: Syntax error on line 28 of 
> /etc/mod_security/rootkits.conf:
>          Action "id" cannot be used on a chained rule that did not 
> start the chain

My apology I didn't look close to your rule but it appears that it's missing
something. I would disable this rule and report it to gotroot.com as a bad
rule.

SW

> 
> Thank you.
> 
> At 11:09 AM 10/2/2006, Steve West wrote:
> >--- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:
> >
> > > Changing
> > >
> > > SecFilterSelective REQUEST_URI
> > >
>
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> > >
> > > To be
> > >
> > > SecFilterSelective REQUEST_URI
> > >
>
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> > >
> > > id:525252
> > >
> > > Gives an error when restarting apache stating the id has to be at the
> > > start of the chain.
> >
> >try putting the id in quotes like this:
> >
> >
> >SecFilterSelective REQUEST_URI
>
>"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> >"id:525252"
> >
> >Also please do report this issue to Michael @ gotroot.com:
> >http://gotroot.com/tiki-index.php?page=Add+a+new+Rule
> >
> >SW
> 
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 1 comment |
headers
Peter M. Abraham | 3 Oct 19:13
Favicon

Re: How to exclude two rules

Greetings:

Thanks to Ivan, Justin Grindea, and Steve West.

While I was starting to right the manager of gotroot.com, I checked 
the rules for rootkits.conf in real time.  I must have had an older 
set that did not include the ID's.

The problem I had trying to do it on my own was that I was trying to 
make "id" a separate entry (same line, but delimited from the rest).

ie.

	chain	"id:xyz"

As shown in the documentation

	
	SecFilter YYY id:1002

Yet when the "chain" is used, other options are comma delimited 
within the same quotes as in

	"chain,id:390144,rev:1,severity:2,msg:'Rootkit attack: Generic 
Attempt to install rootkit'"

Rather than

	chain	"id:390144"

or
	"chain" "id:390144"

Thank you for your input, time, patience, and help.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 0 comments |
headers
Michael Shinn | 3 Oct 19:48
Favicon

Re: How to exclude two rules

The syntax is just wrong with his changes.  You can't put an id on a
line that follows a chain declaration, you have to declare the id on the
first line.

Also, those specific rules have ids, I think he may have an older
version of the rules:

SecFilterSelective REQUEST_URI "!(horde/services/go\.php)"
"chain,id:390144,rev:1,severity:2,msg:'Rootkit attack: Generic Attempt
to install rootkit'"
SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|
jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
SecFilterSelective REQUEST_URI "!(horde/services/go\.php)"
"chain,id:390145,rev:1,severity:2,msg:'Rootkit attack: Generic Attempt
to install rootkit'"
SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|
jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"

On Mon, 2006-10-02 at 09:28 -0700, Steve West wrote:
> --- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:
> 
> > Even with quotes, I get
> >
> >          Starting httpd: Syntax error on line 28 of 
> > /etc/mod_security/rootkits.conf:
> >          Action "id" cannot be used on a chained rule that did not 
> > start the chain
> 
> My apology I didn't look close to your rule but it appears that it's missing
> something. I would disable this rule and report it to gotroot.com as a bad
> rule.
> 
> SW
> 
> 
> > 
> > Thank you.
> > 
> > At 11:09 AM 10/2/2006, Steve West wrote:
> > >--- "Peter M. Abraham" <support.team <at> dynamicnet.net> wrote:
> > >
> > > > Changing
> > > >
> > > > SecFilterSelective REQUEST_URI
> > > >
> >
> >"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> > > >
> > > > To be
> > > >
> > > > SecFilterSelective REQUEST_URI
> > > >
> >
> >"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> > > >
> > > > id:525252
> > > >
> > > > Gives an error when restarting apache stating the id has to be at the
> > > > start of the chain.
> > >
> > >try putting the id in quotes like this:
> > >
> > >
> > >SecFilterSelective REQUEST_URI
> >
> >"=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
> > >"id:525252"
> > >
> > >Also please do report this issue to Michael @ gotroot.com:
> > >http://gotroot.com/tiki-index.php?page=Add+a+new+Rule
> > >
> > >SW
> > 
> > 
> > -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share your
> > opinions on IT & business topics through brief surveys -- and earn cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users <at> lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
--

-- 
Michael T. Shinn                                    KeyID:0xDAE2EC86
Key Fingerprint:  1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86

Got Root?  http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls:  http://troubleshootingfirewalls.com

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 0 comments |
headers
JiJo Robert | 4 Oct 01:50
Picon
Favicon

basics

I have
installed mod_security with apached 2.x I have added
the follwoing line in httpd.conf file. 

"LoadModule security_module   
modules/mod_security/mod_security.so" to httpd.conf
file.

How can I test with a sample application? Should the
sample application be in Apache webapps directory?

Thanks
Jijo

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Permalink | Reply | 5 comments |

Gmane