ModSecurity Web Application Firewall For Apache - No Button
Sep 7, 2014
After install the ModSecurity Web Application Firewall for Apache no button for manageing module is displayed in plesk.
Installation was successful. How can I repair the button in plesk / webbased manage mod_security?
View 13 Replies
ADVERTISEMENT
Jul 30, 2014
We've been experiencing a lot of trouble with novice customers that want to install an Application Vault package that has sub-optimal default settings, e.g.
customer wants to install wordpress, clicks on Application Vault -> wordpress -> "INSTALL"
This will install, without any questions for settings, wordpress into domain.com/wordpress - which is not what people want. I know that there is a button with teh drop down menu that shows "custom", however, people don't see/know about it and click "install".
Is there a way to remove / replace the "quick install" button and have the "install custom" as default.
View 2 Replies
View Related
May 26, 2015
I currently have the Web Application Firewall (ModSecurity) installed but would like a visual interface to block IP's, subnets etc.. Can I install the Plesk firewall as well without any conflict with the Web Application Firewall?
View 3 Replies
View Related
Oct 24, 2014
I have enabled modsecurity system and in 1 day the modsec_audit.log file has grown to more than 700Mb. Is there any way to reduce the number of messages that this module logs?
View 4 Replies
View Related
Nov 14, 2008
to add an application firewall to an IIS server for PCI compliance reasons.
I know the breach product is one option. From what I can tell, they are the people that maintain mod_security now. Is that right?
Besides the breach appliance, what other options do I have for an application firewall for IIS 6 and IIS 7?
View 2 Replies
View Related
Apr 25, 2008
good firewall program that is recommended and includes the following;
- Attack Protection (Block the IP's automatically)
- Does all basic firewall necessities
- Uses the least amount of resources (CPU, Memory) possible
- Is the best out there
I currently use Sygate Firewall and find it very useful. Just would like to know if there is anything better than this.
I am just looking for the best that would be for my server. I host a couple game servers on there, and that is about it.
View 5 Replies
View Related
Oct 13, 2014
whenever one of my customers tries to install an application from the application installer, they get an error that looks like this.
Error: Installation of WordPress at http://*******.com/wordpress failed. Non-zero exit status returned by script. Output stream: 'PHP Warning: mysql_connect(): Access denied for user 'ndari_wordpres_7'@'aeris.jdrepo.com' (using password: YES) in /opt/psa/var/apspackages/apscatalogSTqEEM.zip7b3ca133-9714-5d/cache/scripts/db-util.php on line 66 '.
Error stream: 'PHP Warning: mysql_connect(): Access denied for user 'ndari_wordpres_7'@'aeris.jdrepo.com' (using password: YES) in /opt/psa/var/apspackages/apscatalogSTqEEM.zip7b3ca133-9714-5d/cache/scripts/db-util.php on line 66 '.Click to expand...
View 2 Replies
View Related
Jan 7, 2013
I'm trying to integrate the websocket into existing application.Based on my search, i found a websocket module to do this, but it isn't updated yet. URL...
Any chance that the module will be included in Apache ? Also i found in StackOverflow conversation that Apache httpd wasn't design to maintain persistent connection, is that true ? Using WebSocket on Apache server. Should continue using Apache websocket module or using separate websocket server ?
View 6 Replies
View Related
Feb 12, 2013
I installed apache 2.4.3 in windows server 2003. Since i did not get administrator rights in this machine i could not install as a service.
I runned as an application through the command line console and is working fine.
Is there any difference regarding performance when running as a service or as an application?
Is there any other benefit or drawback of running as a service or as an application?
View 2 Replies
View Related
Nov 20, 2013
I have Apache 2.2 installed on Windows to host a web2py application using wsgi.
Apache crashed once stating it had run out of worker threads, so I inscreased ThreadsPerChild to 500. It has since crashed/become unresponsive without giving anything in the error log.
I set up mod_status, and am looking for understanding what I see when looking at server-status page.
It says 135 requests currently being processed, 365 idle worker. However I don't think there are 135 people connected.
Here's the request lines:
SrvPIDAccMSSReqConnChildSlotClientVHostRequest
0-1253840/0/0W138495448300.00.000.00
... the line above is repeated identically 125 times
0-1253840/32/32W000.00.460.46127.0.0.1dalgety-svr8.havelock.intGET /server-status HTTP/1.1
0-1253840/0/0W52400.00.000.00192.168.202.109dalgety-svr8.havelock.intGET /HubForms/ProjectFolderIndexing/index HTTP/1.1
[Code] ....
Question:
1) What are those 125 requests, and why are they not exiting. Are they anything to worry about? why is there no Client/VHost/Request? Could they be from the python process? Could they be what's causing the issue?
2) The Acc entry 0/121/121 on /HubForms/capacity_requests/index - is this representative of an issue?
3) When I restart Apache, it typically says "Terminating 375 threads that failed to exit" but that number doesn't match up with anything. Are these the idle threads?
Also I'm not sure what "restart" actually means, i.e. what stops and what stays (i.e. why am I on generation 0-12?).
4) Is any of this anything to do with why Apache becomes unresponsive, or should I be looking elsewhere?
View 1 Replies
View Related
Dec 5, 2014
I'm trying to perform SSO to my application. for my login i get an error "Size of a request header field exceeds server limit". I believe the header size got increased then the limit set in apache server. I'm guessing so.
the flow of request: Apache -> tomcat -> SAP Business Objects.
For my colleagues login the SSO works fine with out issue.
So, how to increase the HTTP header size. I'm bridging apache and tomcat using AJP connector. below is the AJP connector parameters in server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" URIEncoding="UTF-8" enableLookups="false" connectionTimeout="20000"/>
View 1 Replies
View Related
Jul 17, 2015
Hosting Settings
There is no php support - so i canĀ“t change or choose running as apache module or cgi application (s. screenshot)...
OS Ubuntu 12.04.5 LTS
Panel version 11.5.30 Update #50, last updated at July 17, 2015 03:46 AM
View 4 Replies
View Related
Jun 17, 2008
i have whm/cpanel on my server, and suddendly (since yesterday) the cpanel button next to the domain name in the "list accounts" section, is missing ,,
View 4 Replies
View Related
Feb 26, 2015
So. Plesk has a button to enable or not enable automatic updates of WordPress installations it knows about. I toggled it and it didn't seem to effect the setting in my wp-config.php file:
//--- disable auto upgrade
define( 'AUTOMATIC_UPDATER_DISABLED', true );
which remained like that whatever I did to the Plesk button.
Nor does it seem to set this setting either way:
define( 'WP_AUTO_UPDATE_CORE', false );
So. Is it something independent of WordPress? I.e. Plesk goes and gets the updates and applies them? If so - what updates is it getting - major changes or just minor ones?
View 1 Replies
View Related
Mar 18, 2007
I recently leased a dedicated server and it has somethign called modsecurity installed and I "think" it is causing me a slight problem. I installed Tikiwiki (using FANTASTICO as teh installer) to put a wiki on my site. Problem: When I edit a page and hit "Save." I get "FOBIDDEN you do not have permission to access /tiki/tiki-editpage.php on this server". After playing around with it all day, I finally asked my server management folks if they could figure out the issue and they said it looked like a "modsecurity" issue. If I understand correctly, modsecurity will clocu URLs that have certain characteristics.
my questions are:
1) How can I determine exactly which modsecurity rule is being violated and
2) How can I remove just taht rule so that things will work with the wiki program?
View 4 Replies
View Related
Nov 30, 2007
I have a site on my server that is running a Flash splash-page and ModSecurity keeps getting tripped when anyone accesses the page.
I am running the default configuration supplied by CPanel 11. The rule that is getting tripped is the XSS rule.
Here is some more info:
Code:
Pattern match "(?:�(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)�W*?=|abort�)|(?:l(?:owsrc�W*?�(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)�W*? ..." at ARGS:texts. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src="http:>"] [severity "CRITICAL"]
[30/Nov/2007:12:11:10 --0500] hFuubkMPEAcAAHVLfHgAAAAL 76.118.117.41 62197 67.15.16.7 80
--f2de940f-B--
GET /widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip_intro=SKIP+INTRO&button=gpage.html&
;sloganss=&titl=&zvuk=downloads/DTH_final.mp3&pic1=http://bobbrewer.info/images/bb2_serie
s2.jpg&pic2=http://bobbrewer.info/images/bb2_series2.jpg&pic3=http://bobbrewer.info/images/bb
3_series3.jpg&pic4=http://bobbrewer.info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3
cFONT+face%3d%22Comic+Sans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FONT%3e%3c/P%
3e++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3cIMG+height%3d128+alt%3d%22%22+h
space%3d0+src%3d%22http://bobbrewer.info/images/bb2_series2.jpg%22+width%3d170+border%3d0%3e%3c/A%3e%
3c/P%3e&colorline1=%23BEC7DB&colorline2=%235B71A4&colorline3=%2333ffff&colorline4=&am
p;colorline5=%23BEC7DB&colorname=%2333ffff&colorline6=%235B71A4&colorline7=%23BEC7DB&
colorline8=&colorline9=%23BEC7DB&colorline10=&colorline11=%235B71A4&colorline12=%2333
ffff&colorline13=%23BEC7DB&colortitle=%23000000&colorline14=%2333ffff&colorline17=%23
33ffff&colorline17=%23BEC7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB HTTP/1.1
Accept: */*
Referer: http://bobbrewer.info/index.html
x-flash-version: 9,0,28,0
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: bobbrewer.info
Connection: Keep-Alive
--f2de940f-F--
HTTP/1.1 406 Not Acceptable
Content-Length: 455
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--f2de940f-H--
Message: Access denied with code 406 (phase 2). Pattern match "(?:�(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:e
lec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)�W*?=|abort�)|(?:l(?:owsrc�W*?�(?:(?:ja
va|vb)script|shell)|ivescript)|(?:href|url)�W*? ..." at ARGS:texts. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src="http:>"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
Stopwatch: 1196442670313070 6595 (855 5738 -)
Producer: ModSecurity v2.1.3 (Apache 2.x)
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1
The code in his web page that I think is tripping this is:
Code:
<!-- widgets/business_splash5.swf -->
<OBJECT WIDTH="550" HEIGHT="400" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553
540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflas
h.cab#version=7,0,0,0" align="middle" valign="top">
<PARAM NAME=movie VALUE="widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip
_intro=SKIP+INTRO&button=gpage.html&sloganss=&titl=&zvuk=downloads/DTH_final.mp3
&pic1=http://bobbrewer.info/images/bb2_series2.jpg&pic2=http://bobbrewer.info/im
ages/bb2_series2.jpg&pic3=http://bobbrewer.info/images/bb3_series3.jpg&pic4=http
://bobbrewer.info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3cFONT+face
%3d%22Comic+Sans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FO
NT%3e%3c/P%3e++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3
cIMG+height%3d128+alt%3d%22%22+hspace%3d0+src%3d%22http://bobbrewer.info/images/
bb2_series2.jpg%22+width%3d170+border%3d0%3e%3c/A%3e%3c/P%3e&colorline1=%23BEC7D
B&colorline2=%235B71A4&colorline3=%2333ffff&colorline4=&colorline5=%23BEC7DB&col
orname=%2333ffff&colorline6=%235B71A4&colorline7=%23BEC7DB&colorline8=&colorline
9=%23BEC7DB&colorline10=&colorline11=%235B71A4&colorline12=%2333ffff&colorline13
=%23BEC7DB&colortitle=%23000000&colorline14=%2333ffff&colorline17=%2333ffff&colo
rline17=%23BEC7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB">
<PARAM NAME="scale" VALUE="noscale">
<PARAM NAME=quality VALUE=high>
<PARAM name="wmode" value="transparent">
<EMBED wmode="transparent" quality="high" WIDTH="550" HEIGHT="400"
src="widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip_intro=SKIP+I
NTRO&button=gpage.html&sloganss=&titl=&zvuk=downloads/DTH_final.mp3&pic1=http://
bobbrewer.info/images/bb2_series2.jpg&pic2=http://bobbrewer.info/images/bb2_seri
es2.jpg&pic3=http://bobbrewer.info/images/bb3_series3.jpg&pic4=http://bobbrewer.
info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3cFONT+face%3d%22Comic+S
ans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FONT%3e%3c/P%3e
++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3cIMG+height%3
d128+alt%3d%22%22+hspace%3d0+src%3d%22http://bobbrewer.info/images/bb2_series2.j
pg%22+width%3d170+border%3d0%3e%3c/A%3e%3c/P%3e&colorline1=%23BEC7DB&colorline2=
%235B71A4&colorline3=%2333ffff&colorline4=&colorline5=%23BEC7DB&colorname=%2333f
fff&colorline6=%235B71A4&colorline7=%23BEC7DB&colorline8=&colorline9=%23BEC7DB&c
olorline10=&colorline11=%235B71A4&colorline12=%2333ffff&colorline13=%23BEC7DB&co
lortitle=%23000000&colorline14=%2333ffff&colorline17=%2333ffff&colorline17=%23BE
C7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB"
type="application/x-shockwave-flash" pluginspage=[url]
View 2 Replies
View Related
Jan 27, 2014
On windows 2008 server with Plesk 11.5, the Secure your Sites option is not displayed. In addition unable to share SSL certificates across many sites with shared IP address.
View 4 Replies
View Related
May 28, 2014
My ver: 11.5.30 Update #45. on Windows 2008 R2 STD.
I need to apply latest updates for installed components but the Update Components button is grayed out!
View 5 Replies
View Related
Feb 22, 2008
how i can install modsecurity 2.5.0?
View 3 Replies
View Related
Oct 3, 2006
Upon reviewing my modsecurity log today, I found an interesting hit from google.
-------------------
Requesting IP: 66.249.65.67 is http://ws.arin.net/cgi-bin/whois.pl?...t=66.249.65.67
Date: 2006-10-03
Time: 07:10:16
Handler: mod_gzip_handler
Get: /page/index/1&show=25,07,2005?php%20echo%20$bmc_vars%5B'site_url'%5D;%20?%3E/profile.php?id=1
Mod_Security-Message: Access denied with code 406. Pattern match "echo " at THE_REQUEST
Mod_Security-Action: 406
------------
The rule that set off this 406 response was:
SecFilterSelective THE_REQUEST "echo "
What I find interesting is that I do not have any such URL structure on this website that google requested.
View 2 Replies
View Related
May 29, 2007
I am running apache 1.3 + modsecurity 1 my problem is i can not use ajax coz of modsecurity is there any way to make ajax work with modsecurity on apache 1 coz i know it's work on apache 2
View 1 Replies
View Related
Oct 20, 2007
where I can find or get the latest, and with better design ruleset for modsecurity? I have one, but it is really old.
View 1 Replies
View Related
May 5, 2015
I was trying to change "Register Domain Names button URL". URL...But after changing the "Register Domain Names button URL" the CLI file (%plesk_ cli %interface_template.exe) got corrupted somehow and now i get this error "invalid application".Is there a place where i can get a copy of this file ?
View 4 Replies
View Related
Sep 22, 2014
I'm on plesk 11.x on Windows.
There are a reason because phpmyadmin is not installed and the button in the panel WebAdmin is disabled ?
In plesk 11.5 for linux phpmyadmin is installed from default.
How to install it via plesk ?
View 2 Replies
View Related
Sep 19, 2008
i installed it from whm
cpanel > Manage Plugins > Name: modsecurity > Install and Keep Updated
but its not working
( i think this is add-one for make configuration in Plugins options )
so i want to install it from ssh
i have apache 2.2.9
php 5
View 10 Replies
View Related
Aug 1, 2014
I want to create logrotate in logrotate.d for modsecurity log.
I find following code, but it don't works.
Code:
/var/log/modsec_audit.log {
rotate 7
compress
missingok
notifempty
sharedscripts
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
View 1 Replies
View Related
Jun 27, 2014
Bandwidth limitation button not showing in domain control panel
I am running Plesk 12.018 on CentOS 6.5. with ~75 domains hosted. All of them are allowed unlimited traffic and have Apache + Nginx installed and configured via Plesk.
Today I need for the first time to set a bandwidth-limitation for a domain, but I can't find a button for controlling it in the domain control panel.
I've checked I've mod_bw installed and have set the permissions for controlling server performance in the custom plan for the specific domain.
View 1 Replies
View Related
Oct 17, 2007
We have a small Hosting reseller account at eNom. We have a new customer that moved his website from another hosting company to ours. The website is on a shared IP. Enom also uses a internal IP for internal use associated to the domain.
The problem we have is that AOL users can not see the website. As far as we can tell no other ISP's are having this problem. Everyone can see it except AOL users.
When AOL users go to the site they get "Page can not be found". After several calls to eNom support and them triple checking the DNS we still have the problem.
I looked at the error log for the website this morning. I found several errors. I looked up the IP's with the errors and they all pointed back to AOL.. See below for two examples of the errors....
Is this a server problem or DNS?
What do these errors mean and what do I do about it?
The domain is http://2hotlicks.com . They sell Hot Sauce.. Would AOL block it because of the keywords in the Domain name?
[Wed Oct 17 08:11:56 2007] [error] [client 207.200.116.7] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.2hotlicks.com"] [uri "/"] [unique_id "uPWvAgoHAlYAAA25N5AAAAAI"]
[Tue Oct 16 13:11:20 2007] [error] [client 207.200.116.137] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.2hotlicks.com"] [uri "/combos.htm"] [unique_id "yddhwAoHAlYAAEEfgyEAAAAi"]
View 2 Replies
View Related
Jun 9, 2015
I have a Real Time Web Application Security Rules Subscription. I change the ModSecurity Rule Setup and add the Atomic LoginData to Plesk. All looks fine but the ModSecurity Log is now empty.
- Debian 7 with all Updates
- Plesk Version 12.0.18 Update #49
Output from: ~# aum -df upgrade asl
[URL] ....
View 1 Replies
View Related
