The Apache Haus Forum

Advanced search  


Welcome to Apache Haus Distribution Forum

Sorry Guest, you are banned from posting and sending personal messages on this forum.
Error: S4296
This ban is not set to expire.
Pages: [1]   Go Down

Author Topic: mod_security BIG Proglem to "enable"  (Read 7909 times)


  • Newbie
  • *
  • Offline Offline
  • Posts: 8
mod_security BIG Proglem to "enable"
« on: April 02, 2014, 09:56:48 PM »

Sorry i am new her, i have too many problems with the mod_securtiy2

After problems to load the extension i have a problem to "enable" the module. My configfile like this:

Code: [Select]
LoadModule security2_module modules/

<IfModule mod_security2.c>

    # Turn the filtering engine On or Off
    SecFilterEngine On


If i try to restart the Apache (x64) i became the error that the apache cant start (The request operation failed...).
If i remove al lines between the IfModule the server starts.
I use Windows Server 2008R2 Datacenter (x64) and Apache 2.4.9 (VC9), mod_security2 (2.7.6)

what make i wrong ?

can any one help me pleas ?


  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 849
Re: mod_security BIG Proglem to "enable"
« Reply #1 on: April 04, 2014, 06:54:56 PM »

sorry for the late response,

What does the  error.log say about this? If there is nothing there, then what does the windows Event Log say about this?


  • Newbie
  • *
  • Offline Offline
  • Posts: 8
Re: mod_security BIG Proglem to "enable"
« Reply #2 on: April 04, 2014, 09:33:29 PM »

I try the example filter of the file readme.1st.txt:

Code: [Select]
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off

# Handling of file uploads
# TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/
SecUploadKeepFiles Off

# Debug log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0

# Serial audit log
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log

# Maximum request body size we will
# accept for buffering
SecRequestBodyLimit 131072

# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072

# Buffer response bodies of up to
# 512 KB in length
SecResponseBodyLimit 524288

# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
SecRule REQBODY_PROCESSOR_ERROR "[email protected] 0" \
"phase:2,id:'000001',t:none,log,deny,msg:'Failed to parse request body.',severity:2"

# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
SecRule MULTIPART_STRICT_ERROR "[email protected] 0" \
"phase:2,id:'000002',t:none,log,deny,msg:'Multipart request body \
failed strict validation: \

# Did we see anything that might be a boundary?
SecRule MULTIPART_UNMATCHED_BOUNDARY "[email protected] 0" \
"phase:2,id:'000003',t:none,log,deny,msg:'Multipart parser detected a possible unmatched  boundary.'"

# Test mod_security
# below rule should flag
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,log,deny,msg:'Drive Access'"
# WEB-CGI websendmail access
# below rule should flag http://localhost/websendmail
SecRule REQUEST_URI "/websendmail" "id:'000004'"
I become this error in the logfile:

[Fri Apr 04 21:30:31.418175 2014] [mpm_winnt:notice] [pid 160252:tid 520] AH00424: Parent: Received restart signal -- Restarting the server.
AH00526: Syntax error on line 48 of C:/server/websites/modsecurity.conf:
Error parsing actions: Invalid quoted pair at position 160: phase:2,id:'000002',t:none,log,deny,msg:'Multipart request body \t\tfailed strict validation: \t\tPE %{REQBODY_PROCESSOR_ERROR}, \t\tBQ %{MULTIPART_BOUNDARY_QUOTED}, \\
[Fri Apr 04 21:30:33.426175 2014] [mpm_winnt:notice] [pid 147708:tid 460] AH00364: Child: All worker threads have exited.

My target is the URL views as to prevent, so as to increase the security


  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: mod_security BIG Proglem to "enable"
« Reply #3 on: April 05, 2014, 02:53:27 PM »

try this in httpd.conf

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off


  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 849
Re: mod_security BIG Proglem to "enable"
« Reply #4 on: April 06, 2014, 08:40:07 PM »

Odd, I do not see an invalid quoted pair here
SecRule REQBODY_PROCESSOR_ERROR "[email protected] 0" \
      "phase:2,id:'000001',t:none,log,deny,msg:'Failed to parse request body.',severity:2"

but just to be sure, add a blank space after the \ in the first line and see.
Pages: [1]   Go Up

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13