Configure modsecurity | Centos 5x

Bismillah

First time install modsecurity I find some trouble on my server, my browser answer Bad Request … “Your browser sent a request that this server could not understand.” what the trouble.

And I search on Google not answering for me, I Trush my brain to find trouble modsecurity.

so I cek on log server

tail -f /var/log/httpd/error_log


[Fri Oct 02 03:25:28 2009] [error] [client 172.16.x.x] ModSecurity: Access denied with code 400 (phase 2). Pattern match “^[\\d\\.]+$” at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "172.16.x.x"] [uri "/favicon.ico"] [unique_id "csjf638AAAEAAFz-OUUAAAAC"]. this’s trouble on modsecurity module and edit on

vim /etc/httpd/conf.d/mod_security.conf

Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf give the ” #” restart you apache or httpd

services httpd restart

running on you’s browser.. tara … I cek on log [Fri Oct 02 03:45:14 2009] [error] [client 172.16.x.x] File does not exist: /var/www/html/favicon.ico, referer: http://172.16.10.36/ troubles same . Good lucky

Categories: Hacking - Tutorial - Umum
Tags: - - -
1 October 2009 at 19:48 - Comments