headers
Ofer Shezaf | 2 Feb 2009 15:38

WordPress exceptions to core rule set

I found this very interesting page that details a complete exceptions list to run WordPress with ModSecurity. I have contacted the author to ask for specific versions of the products:

 

http://www.fulltiming.info/linux-administration-and-management/mod-security-and-wordpress-the-final-config

 

I am collecting information on rules needed to run specific applications on my site at http://www.xiom.com/modsecurity/application-specific-rules and would love to hear from you if you have any such tips for others. It would benefit the entire ModSecurity community.

 

~ Ofer

 

Ofer Shezaf [shezaf <at> xiom.com, +972-54-4431119, www.xiom.com]

 

Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com

Chairman, OWASP Israel

Leader, WASC Web Hacking Incidents Database Project

 

 

 

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |
headers
Ade | 2 Feb 2009 15:56
Picon

Re: WordPress exceptions to core rule set

2009/2/2 Ofer Shezaf <ofer <at> shezaf.com>:
> I found this very interesting page that details a complete exceptions list
> to run WordPress with ModSecurity. I have contacted the author to ask for
> specific versions of the products:
>
>
>
> http://www.fulltiming.info/linux-administration-and-management/mod-security-and-wordpress-the-final-config
>
>
>
> I am collecting information on rules needed to run specific applications on
> my site at http://www.xiom.com/modsecurity/application-specific-rules and
> would love to hear from you if you have any such tips for others. It would
> benefit the entire ModSecurity community.
>

I think this would be an invaluable resource for the mod-security community

Thanks Ofer

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Ofer Shezaf | 2 Feb 2009 20:48

Re: WordPress exceptions to core rule set

Following my earlier e-mail I received several additional rules for specific applications and added them to http://www.xiom.com/modsecurity/application-specific-rules. Marc Stern has also reminded me of cmdLind, his invaluable add on filter to ModSecurity to avoid command injection evasion, so I updated the page on tools and add-ins at http://www.xiom.com/modsecurity/tools. Please remind me of any tool I forgot.

 

~ Ofer

 

Ofer Shezaf [shezaf <at> xiom.com, +972-54-4431119, www.xiom.com]

 

From: Ofer Shezaf [mailto:ofer <at> shezaf.com]
Sent: Monday, February 02, 2009 4:38 PM
To: 'mod-security-users <at> lists.sourceforge.net'
Subject: WordPress exceptions to core rule set

 

I found this very interesting page that details a complete exceptions list to run WordPress with ModSecurity. I have contacted the author to ask for specific versions of the products:

 

http://www.fulltiming.info/linux-administration-and-management/mod-security-and-wordpress-the-final-config

 

I am collecting information on rules needed to run specific applications on my site at http://www.xiom.com/modsecurity/application-specific-rules and would love to hear from you if you have any such tips for others. It would benefit the entire ModSecurity community.

 

~ Ofer

 

Ofer Shezaf [shezaf <at> xiom.com, +972-54-4431119, www.xiom.com]

 

Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com

Chairman, OWASP Israel

Leader, WASC Web Hacking Incidents Database Project

 

 

 

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 501 comments |
headers
yersinia | 4 Feb 2009 18:20
Picon

Re: WordPress exceptions to core rule set

On Mon, Feb 2, 2009 at 8:48 PM, Ofer Shezaf <ofer <at> shezaf.com> wrote:
> Following my earlier e-mail I received several additional rules for specific
> applications and added them to
> http://www.xiom.com/modsecurity/application-specific-rules. Marc Stern has
> also reminded me of cmdLind, his invaluable add on filter to ModSecurity to
> avoid command injection evasion, so I updated the page on tools and add-ins
> at http://www.xiom.com/modsecurity/tools. Please remind me of any tool I
> forgot.
>
First of All, Thanks. Second, in my opinion, it should be best don't consider something like
http://www.fulltiming.info/linux-administration-and-management/modsecurity-and-phpmyadmin
as a good example of customizing mod_security  - e.g disabling it because a site is password protected. I use mod_security also on 2FA protected site on the assumption that not the user but something else in place of him - a worm, virus and so on - could be do damage to web site.  Best should be following a "positive security model" for mod_security if the core rule -  a negative security model -  that cause false positive are so much. So  please not consider my observation a sharp criticism at your work. On the countrary. Having a site that post  useful mod_security recipes should be have a good look on the rule quality - and so rule security - in first place. Sure, on the term "quality" in this contest everyone could be have different opinion. 

Best Regards 

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 501 comments |
headers
derek wang | 5 Feb 2009 06:12
Picon

Question reguarding Disruptive Actions: "Proxy"

Dear All,
 
I am a beginner for Mod-Security and have a question regarding the usage of Proxy disruptive action.
 
My senario is to setup 2 mirrored web site: SiteA production and SiteB Honeypot server.
 
My expectation is that any evil http request will go to the ACCORDING URL on Henypot server while legal request reaches to the production server. Does Mod-Security+Mod-proxy support this?
 
I tried the followng (let's take SQL injection as an example):
 
SiteA: localhost:80
SiteB: localhost:8888 (honeypot)
 
1. On SiteA, I configured Mod-Security and add "proxy:http://localhost:8888" on SQL injection SecRule
 
2. Access: http://localhost/1/test.jsp?id=1&union select ... 
 
I expact that mod-security would act as a reverse proxy. and it should access the same page with http://localhost:8888/1/test.jsp?id=1&union ..... (while the URL still show http://localhost/1/test.jsp?id=1&union select ... )
 
However my test result shows that I got the home page of http://localhost:8888 (while the URL is still http://localhost/1/test.jsp?id=1&union select ... )
 
Did I miss anything or it is a by designed behavior for proxy disruptive action?
 
Thanks a lot and have a nice day!
 
Regards,
Derek
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 2 comments |
headers
Christian Bockermann | 5 Feb 2009 09:18

Re: Question reguarding Disruptive Actions: "Proxy"

Hi Derek!

Am 05.02.2009 um 06:12 schrieb derek wang:
> My senario is to setup 2 mirrored web site: SiteA production and  
> SiteB Honeypot server.
>
> My expectation is that any evil http request will go to the  
> ACCORDING URL on Henypot server while legal request reaches to the  
> production server. Does Mod-Security+Mod-proxy support this?

Interesting setup. Is definitely possible with ModSecurity+ModProxy  
(+ModRewrite?)

>  I tried the followng (let's take SQL injection as an example):
>
> SiteA: localhost:80
> SiteB: localhost:8888 (honeypot)
>
> 1. On SiteA, I configured Mod-Security and add "proxy:http://localhost:8888 
> " on SQL injection SecRule
>
> 2. Access: http://localhost/1/test.jsp?id=1&union select ...
>
> I expact that mod-security would act as a reverse proxy. and it  
> should access the same page with http://localhost:8888/1/test.jsp?id=1&union 
>  ..... (while the URL still show http://localhost/1/test.jsp?id=1&union 
>  select ... )
>
> However my test result shows that I got the home page of http://localhost:8888 
>  (while the URL is still http://localhost/1/test.jsp?id=1&union  
> select ... )
>

What do the server logs of SiteB say? Has it received and processed  
the request including the
union? If yes, then your setup worked fine in principle. If it just  
the "default" page of SiteB
you're seeing this might have arbitrary reasons,e.g. the "Host"-header  
still contains "localhost",
but is expected to contain "localhost:8888", or the URL is not found  
on SiteB. All this will we
logged to either access.log or error.log of SiteB.

You can also enable the full auditing on both sites to see what  
happens. Just use

	SecAuditEngine On

in your setup. And re-send the request (you might a well want to have  
a look at the
AuditViewer at http://www.jwall.org/web/audit/viewer.jsp for modifying/ 
re-sending single requests
to your setup).

Did you try with mod_rewrite instead of the proxy action? See http://www.jwall.org/re_proxy.jsp
for a small snippet on how to combine mod_security with mod_rewrite.

>  Did I miss anything or it is a by designed behavior for proxy  
> disruptive action?
>

It's hard to tell without knowing the complete setup.

Regards,
    Chris

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Ofer Shezaf | 5 Feb 2009 10:40

Re: WordPress exceptions to core rule set

Thanks.

 

I agree. I did not look closely enough at the rule. Karl, who is the originator of the rule, is working on creating more elaborate exceptions that will not disable mod_security entirely. See his updates at  http://www.fulltiming.info/linux-administration-and-management/modsecurity-and-phpmyadmin

 

One other note: this is a very good reason to publish your rules. Peer review is a very good way to both contribute and get peer review of your rules to make them better.

 

~ Ofer

 

Ofer Shezaf [shezaf <at> xiom.com, +972-54-4431119, www.xiom.com]

 

From: pinto.elia <at> gmail.com [mailto:pinto.elia <at> gmail.com] On Behalf Of yersinia
Sent: Wednesday, February 04, 2009 7:20 PM
To: Ofer Shezaf
Cc: mod-security-users <at> lists.sourceforge.net
Subject: Re: [mod-security-users] WordPress exceptions to core rule set

 

On Mon, Feb 2, 2009 at 8:48 PM, Ofer Shezaf <ofer <at> shezaf.com> wrote:
> Following my earlier e-mail I received several additional rules for specific
> applications and added them to
> http://www.xiom.com/modsecurity/application-specific-rules. Marc Stern has
> also reminded me of cmdLind, his invaluable add on filter to ModSecurity to
> avoid command injection evasion, so I updated the page on tools and add-ins
> at http://www.xiom.com/modsecurity/tools. Please remind me of any tool I
> forgot.
>
First of All, Thanks. Second, in my opinion, it should be best don't consider something like
http://www.fulltiming.info/linux-administration-and-management/modsecurity-and-phpmyadmin
as a good example of customizing mod_security  - e.g disabling it because a site is password protected. I use mod_security also on 2FA protected site on the assumption that not the user but something else in place of him - a worm, virus and so on - could be do damage to web site.  Best should be following a "positive security model" for mod_security if the core rule -  a negative security model -  that cause false positive are so much. So  please not consider my observation a sharp criticism at your work. On the countrary. Having a site that post  useful mod_security recipes should be have a good look on the rule quality - and so rule security - in first place. Sure, on the term "quality" in this contest everyone could be have different opinion. 

Best Regards 

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Ryan Barnett | 5 Feb 2009 13:58

Re: Question reguarding Disruptive Actions: "Proxy"

From: derek wang [mailto:derekwang77 <at> gmail.com]
Sent: Thursday, February 05, 2009 12:13 AM
To: mod-security-users <at> lists.sourceforge.net
Subject: [mod-security-users] Question reguarding Disruptive Actions: "Proxy"

 

Dear All,

 

I am a beginner for Mod-Security and have a question regarding the usage of Proxy disruptive action.

 

My senario is to setup 2 mirrored web site: SiteA production and SiteB Honeypot server.

 

My expectation is that any evil http request will go to the ACCORDING URL on Henypot server while legal request reaches to the production server. Does Mod-Security+Mod-proxy support this?

 

I tried the followng (let's take SQL injection as an example):

 

SiteA: localhost:80

SiteB: localhost:8888 (honeypot)

 

1. On SiteA, I configured Mod-Security and add "proxy:http://localhost:8888" on SQL injection SecRule

 

2. Access: http://localhost/1/test.jsp?id=1&union select ... 

 

I expact that mod-security would act as a reverse proxy. and it should access the same page with http://localhost:8888/1/test.jsp?id=1&union ..... (while the URL still show http://localhost/1/test.jsp?id=1&union select ... )

 

However my test result shows that I got the home page of http://localhost:8888 (while the URL is still http://localhost/1/test.jsp?id=1&union select ... )

 

Did I miss anything or it is a by designed behavior for proxy disruptive action?

 

[Ryan Barnett] I ran some tests and encountered the same thing that you did – that the requested filename data is missing from the proxied request.  Fortunately, this can be fixed by using macro expansion in the proxy action like this – proxy:http://192.168.1.104:8888%{request_filename}.  I just tested the following basic rule –

 

SecRule ARGS "select" "phase:2,t:lowercase,log,proxy:http://192.168.1.104:8888%{request_filename}”

 

I then had a netcat listener at 192.168.1.104 on port 8888.  I then sent a WebGoat POST request which contained an SQL Injection string and it was properly proxied to the netcat listener –

 

$ nc -l -p 8888

POST /WebGoat/attack?Screen=801&menu=1600 HTTP/1.1

Host: 192.168.1.104:8888

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Referer: http://www.webgoat.net/WebGoat/attack?Screen=801&menu=1600

Cookie: JSESSIONID=D798FE268D317B360020B9D797EFF2A1

Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

Content-Type: application/x-www-form-urlencoded

Max-Forwards: 10

X-Forwarded-For: 192.168.1.104

X-Forwarded-Host: www.webgoat.net

X-Forwarded-Server: www.example.com

Connection: Keep-Alive

Content-Length: 148

 

QTY=UNION+SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES--+&SUBMIT=Purchase&Price=2999.99

 

 

Thanks a lot and have a nice day!

 

Regards,

Derek

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Nagaraju Lanka | 7 Feb 2009 09:56
Picon

hardware requirements for installing mod security

Hi:
 
What are the hardware requirements for installing modesecurity?
 
Thanks,
Nrlanka
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Mesut GULNAZ | 7 Feb 2009 13:36
Picon

freebsd mod_security http CPU problem

I installed mod_security on my bsd box.

 

FreeBSD 5.4-STABLE

mod_security-2.5.7_1

apache-2.2.9_5

postgresql-client-8.2.4

postgresql-server-8.2.9

 

when i enable the mod_security in the httpd.conf and set it to “ON” mode, instead of “detectonly”, and loglevel to “3”, my server is getting CPU usage problem like this.

 

last pid: 51183;  load averages:  1.32,  6.56, 18.39                                                       up 87+13:33:00  14:27:24

100 processes: 2 running, 98 sleeping

CPU states: 88.0% user,  0.0% nice, 10.9% system,  1.2% interrupt,  0.0% idle

Mem: 281M Active, 2321M Inact, 384M Wired, 162M Cache, 112M Buf, 679M Free

Swap: 6144M Total, 136K Used, 6144M Free

 

  PID USERNAME        PRI NICE   SIZE    RES STATE    TIME   WCPU    CPU COMMAND

50542 www             129    0 29024K 20000K RUN      0:22 59.12% 58.50% httpd

50921 www              97    0 25452K 16004K select   0:00  0.95%  0.83% httpd

50556 www               4    0 25116K 15788K accept   0:00  0.20%  0.20% httpd

  693 root             96    0  8092K  4228K select 763:46  0.15%  0.15% snmpd

50632 www              96    0 25072K 15708K select   0:00  0.10%  0.10% httpd

51111 www              96    0 25596K 16072K select   0:00  0.19%  0.10% httpd

45916 pgsql           122    0   538M  5236K select   0:04  0.05%  0.05% postgres

50503 www              96    0 25372K 15864K select   0:00  0.05%  0.05% httpd

50540 www              96    0 25052K 15656K select   0:00  0.05%  0.05% httpd

50562 www               4    0 25084K 15692K accept   0:00  0.05%  0.05% httpd

95104 mysql            20    0   498M   159M kserel 128:04  0.00%  0.00% mysqld

 8792 root              8    0 24892K 15452K nanslp   1:09  0.00%  0.00% httpd

  352 root             96    0  1412K   796K select   0:51  0.00%  0.00% syslogd

  679 root             96    0  2544K  1620K select   0:50  0.00%  0.00% proftpd

98545 bind             96    0  5656K  4088K select   0:31  0.00%  0.00% named

45724 root             96    0  3768K  2752K select   0:21  0.00%  0.00% sendmail

  525 root              8    0  1452K   968K nanslp   0:16  0.00%  0.00% cron

 

At this point when i look at the mod_security logs, i see this lines many many.

 

[07/Feb/2009:14:31:46 +0200] [www.mydomain.com/sid#80c4180][rid#8645058][/iem/rss/index.php][2] Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/etc/apache22/Includes/mod_security2/modsecurity_crs_21_protocol_anomalies.conf"] [line "48"] [id "960009"] [msg "Request Missing a User Agent Header"] [severity "WARNING"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]

 

[07/Feb/2009:14:36:02 +0200] [www.mydomain.com/sid#80c4180][rid#8630058][/iem/index.php][2] Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/etc/apache22/Includes/mod_security2/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"]

 

When i disable mod_security in httpd.conf everything is OK.

 

last pid: 49702;  load averages:  0.42, 12.41, 23.50                                                       up 87+13:29:14  14:23:38

92 processes:  1 running, 90 sleeping, 1 zombie

CPU states:  7.0% user,  0.0% nice,  7.8% system,  0.4% interrupt, 84.9% idle

Mem: 372M Active, 2320M Inact, 384M Wired, 162M Cache, 112M Buf, 589M Free

Swap: 6144M Total, 136K Used, 6144M Free

 

  PID USERNAME        PRI NICE   SIZE    RES STATE    TIME   WCPU    CPU COMMAND

49438 www              96    0 29152K 20048K select   0:00  1.06%  0.93% httpd

95104 mysql            20    0   498M   159M kserel 128:03  0.29%  0.29% mysqld

  693 root             96    0  8092K  4228K select 763:45  0.15%  0.15% snmpd

 8792 root              8    0 24476K 15016K nanslp   1:09  0.00%  0.00% httpd

  352 root             96    0  1412K   796K select   0:51  0.00%  0.00% syslogd

  679 root             96    0  2544K  1620K select   0:50  0.00%  0.00% proftpd

98545 bind             96    0  5656K  4088K select   0:31  0.00%  0.00% named

45724 root             96    0  3768K  2752K select   0:21  0.00%  0.00% sendmail

  525 root              8    0  1452K   968K nanslp   0:16  0.00%  0.00% cron

  451 root             96    0  1328K   720K select   0:07  0.00%  0.00% usbd

45916 pgsql           112    0   538M  5236K select   0:03  0.00%  0.00% postgres

27647 mesut            96    0  5984K  2368K select   0:02  0.00%  0.00% sshd

45919 pgsql            96    0  9008K  5128K select   0:01  0.00%  0.00% postgres

46177 www              96    0 54556K 45484K select   0:01  0.00%  0.00% httpd

48236 www              96    0 31408K 22444K select   0:01  0.00%  0.00% httpd

46224 www              96    0 29160K 20184K select   0:01  0.00%  0.00% httpd

 

What can i do to solve this problem.

 

Thanks alot…

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |

Gmane