I’ll go through a false positive example I found on my blog. False positives are inevitable, so it’s not a bad idea to run mod_security for a few weeks on detect only. Here’s the url that was raising the alarm. The trigger was in the url. http://chesterton.id.au/blog/2007/11/20/blue-tongue-harmonica-talk-cd/ Here’s what modsec_audit.log looked like –f8a03521-A– [21/Mar/2011:07:54:47 +1100] [...]
In my previous post I didn’t mention how to turn on the audit log, so without explanation, you put the following in your config. SecAuditEngine RelevantOnly SecAuditLogType serial SecAuditLogParts ABCFHZ We already set SecAuditLog to /var/log/modsecurity/SecAuditLog/modsec_audit.log in the previous post, which has to be writable by the web server user, www-data for ubuntu/debian. So after [...]
Some time ago, I changed my setup from nginx + spawn-fcgi to nginx + apache so I could play with mod_security. Well, one of my clients got pwned by some sql injection vulnerability, so I finally got to put it in practice. In a nut shell, mod_security is an apache module that scans http(s) traffic [...]
December 17, 2010 – 3:38 am
When watching a TV series on the laptop, I often lose track of what episode I’m up to, especially after a reboot, so I use nautilus emblems to keep track for me. The idea is when I double click a video file, instead of it launching a video player, I configure it to launch a [...]
October 14, 2010 – 12:13 am
I’ve reinstalled apache and I’m in the process of cutting over my sites. Not completely, just for non static files, mainly php. Nginx is infront of apache serving static content and is a reverse proxy to apache which runs on 127.0.0.1:81 The reason? I want to give mod_security a spin. It’s loaded now, but it [...]
August 16, 2010 – 9:27 pm
I won’t go into too many details, I got everything I learned from google and my customisations aren’t very ground breaking. Jdub tweeted about the wordpress apc object cache being updated. So I (re)installed that. I had it installed a while ago, but a wordpress upgrade broke it. http://wordpress.org/extend/plugins/apc/ Everyone knows about wp-super-cache, and there’s [...]
August 13, 2010 – 8:28 am
Many years ago, I was a rabid (vapid?) PostgreSQL fanboi. I took the time to study how to tune postgres, it was very rewarding to see queries go from taking 30 seconds, to completing in under a second. This involved tuning knobs in the prostres config, to adding indexes. All done manually. If some software [...]
I recently swapped over from lighty to nginx, and man, am I glad I did. I have no idea about the internals, which is faster, lighter, better, etc, but nginx is way more intuitive to configure. Which in the end means my server is set up better. That kick started my latest obsession, speeding up [...]
I left a few things unsaid in my previous post basic hostname set up, and after talking with some people about /etc/hosts, I thought a quick follow up is in order. Firstly, my preference is to use the ethernet’s ip address to tie the host name to the FQDN, but others like to use 127.0.1.1. [...]
I was helping out someone with a postfix issue, and something just clicked that will speed up diagnosing similar problems. It’s not so much a postfix problem as a hostname problem, and it’s very basic. The symptom was, mail sent to the server at domain.com was being bounced. Looking at postfix logs, postfix was trying [...]