mod-security not triggering
I've recently upgraded a Debian box from Apache 1.3 to 2.x, which also
forced me to move over to the new mod-security 2.x packages as well. I
tried to port over some of my rules from 1.x, even though the new syntax
took some conversion. None of my rules seem to be triggering, though,
and I'm not sure how to debug the setup.
I'm including rules from conf.d with:
SecRuleEngine On
SecRequestBodyAccess On
# snipped for brevity
Include /etc/apache2/modsecurity/*.conf
and have the following:
SecRule ARGS "root|tjacobs|www-data|apache|httpd" "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
SecRule ARGS "\.\." "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
SecRule ARGS "/etc/passwd" "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
SecRule ARGS "/etc/shadow" "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
SecRule ARGS "/(\.|.*(~|\.(bak|inc|tmp)|,v)|RCS)" "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
SecRule ARGS "/(bin|sbin|lib|home|tmp|var|boot|etc|usr|root|mnt|proc|sys|dev)\/" "log,deny,t:none,t:htmlEntityDecode,t:lowercase"
However, none of the rules appear to trigger, or to log anywhere. Am I
missing something obvious? How do I debug this further?
--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"
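An added example, not part of the original post and not ModSecurity code: an offline check that separates "the pattern cannot match" from "the engine never evaluated the rule" by running the posted patterns over sample arguments after approximating the posted transformations. It assumes Python's re and html.unescape behave closely enough to the module's regex operator and t:htmlEntityDecode for these patterns; the sample query strings and function names are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Patterns copied from the post; each rule there uses
# t:none,t:htmlEntityDecode,t:lowercase before matching.
RULES = [
    r"root|tjacobs|www-data|apache|httpd",
    r"\.\.",
    r"/etc/passwd",
    r"/etc/shadow",
    r"/(\.|.*(~|\.(bak|inc|tmp)|,v)|RCS)",
    r"/(bin|sbin|lib|home|tmp|var|boot|etc|usr|root|mnt|proc|sys|dev)\/",
]

def transform(value):
    """Approximate t:htmlEntityDecode followed by t:lowercase."""
    return html.unescape(value).lower()

def matching_rules(query_string):
    """Return sorted indexes into RULES that match any argument value."""
    hits = set()
    for _name, value in parse_qsl(query_string, keep_blank_values=True):
        candidate = transform(value)
        for index, pattern in enumerate(RULES):
            if re.search(pattern, candidate):  # unanchored, case-sensitive
                hits.add(index)
    return sorted(hits)

def dead_literals(pattern):
    """Uppercase literals can never match input that was lowercased first."""
    return re.findall(r"[A-Z]{2,}", pattern)

# Constructed sample query strings (not taken from the post).
SAMPLES = [
    "file=../../etc/passwd",
    "page=/backup/index.php.bak",
    "user=ROOT",
    "f=%26%2347%3Betc%26%2347%3Bshadow",  # URL-encoded "&#47;etc&#47;shadow"
    "dir=/cvs/RCS",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", matching_rules(sample))
    for index, pattern in enumerate(RULES):
        if dead_literals(pattern):
            print("rule", index, "unreachable literals:", dead_literals(pattern))
```

A request that matches here but is neither denied nor logged by the server points at rule loading or engine configuration, not at the patterns; the RCS alternative in the fifth rule is reported as unreachable because t:lowercase runs before the match.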