<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel about="http://blog.gmane.org/gmane.comp.apache.mod-security.user">
    <title>gmane.comp.apache.mod-security.user</title>
    <link>http://blog.gmane.org/gmane.comp.apache.mod-security.user</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5325"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5321"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5319"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5316"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5312"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5306"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5305"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5303"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5298"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5296"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5291"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5286"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5285"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5278"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5276"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5274"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5269"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5268"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5267"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5264"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5325">
    <title>ModSecurity calling order and SiteMinder</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5325</link>
    <description>I've installed ModSecurity 2.5.6 on Apache protected by CA's
SiteMinder. In testing ModSecurity with the Core rules, I've seen that 
SiteMinder is called first. It has some application firewall capabilities, so 
intercepts some of the bad URLs that I'm sending.

Is there a fashion to get ModSecurity to proc before SiteMinder? Note that we 
have no control over the code of SiteMinder.



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK &amp; win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/
</description>
    <dc:creator>Ryan Kogelheide</dc:creator>
    <dc:date>2008-09-05T20:42:05</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5321">
    <title>log</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5321</link>
    <description>_______________________________________________
mod-security-users mailing list
mod-security-users&lt; at &gt;lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
</description>
    <dc:creator>Jair Santos</dc:creator>
    <dc:date>2008-09-05T19:35:33</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5319">
    <title>Invalid command 'SecComponentSignature' ????</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5319</link>
    <description>I've come a LONG way to get to this point but there is only 1 post
online that mentions this and the solution is not mentioned.

Syntax error on line 117 of
/etc/httpd/modsecurity/modsecurity_crs_10_config.conf:
Invalid command 'SecComponentSignature', perhaps misspelled or defined
by a module not included in the server configuration


Can someone shed some light on this for me? I don't even have a clue how
to test what is going wrong so I don't have a good way to know how to
fix it yet.

Thanks

Eric



</description>
    <dc:creator>Eric Haddix</dc:creator>
    <dc:date>2008-09-05T17:19:37</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5316">
    <title>Special Characters not supported by modsecurity</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5316</link>
    <description>
</description>
    <dc:creator>Angel Ferreres</dc:creator>
    <dc:date>2008-09-05T12:02:14</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5312">
    <title>BaiduSpider issues - protocol anomalies</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5312</link>
    <description>I never expected this one.

I am getting ID 960015 on the
Baiduspider+(+http://www.baidu.com/search/spider_jp.html) scanning the
domain of one of my hosted sites.

I have nothing against the Chinese, but I am wondering if this is being too
restrictive?

Certainly there is no possibility that the Chinese are coming to
Pittsburgh to work out at a Curves site.

What is the consensus on this ID?

I'm attaching the Raw Tx log.

Thanks for all you guys do!

</description>
    <dc:creator>Albert E. Whale</dc:creator>
    <dc:date>2008-09-04T20:52:29</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5306">
    <title>[console empty] problem with mlogc</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5306</link>
    <description>Hello All,

I have a problem with the installation of mlogc:
Active Alerts remains at zero :(

Information about my installation:

/opt/httpd/bin/apachectl  -t -D  DUMP_MODULES

[...]
security2_module (shared)
Syntax OK

This command has a problem because:

ps -ef | grep mlogc
root      7965 26175  0 Sep03 ?        00:00:00 /opt/mlogc/mlogc /etc/mlogc.conf
root     22090     1  0 09:50 pts/0    00:00:00 /opt/mlogc/mlogc /etc/mlogc.conf
root     22146     1  0 09:51 pts/0    00:00:00 /opt/mlogc/mlogc /etc/mlogc.conf
root     22152     1  0 09:51 pts/0    00:00:00 /opt/mlogc/mlogc /etc/mlogc.conf

Whenever I reload apache2, one more mlogc is loaded.

my /etc/mlogc.conf

CollectorRoot       "/var/log/mlogc"
ConsoleURI          "https://localhost:8888/rpc/auditLogReceiver"
SensorUsername      "user"
SensorPassword      "password"
LogStorageDir       "data"
TransactionLog      "mlogc-transaction.log"
QueuePath           "mlogc-queue.log"
ErrorLog            "mlogc-error.log"
LockFile            "mlogc.lck"
KeepEntries         0
ErrorLogLevel       2
MaxConnections      10
TransactionDelay    50
StartupDelay    1000
CheckpointInterval  15
ServerErrorTimeout  60

ls -lah /var/log/mlogc/
total 12K
drwxrwxrwx  3 daemon daemon 4,0K sep  3 16:14 .
drwxr-xr-x 11 root   root   4,0K sep  3 22:20 ..
drwxrwxrwx  4 daemon daemon 4,0K sep  4 00:01 data
-rwxrwxrwx  1 daemon daemon    0 sep  3 16:36 mlogc-error.log
-rwxrwxrwx  1 daemon daemon    0 sep  3 16:14 mlogc-queue.log
-rwxrwxrwx  1 daemon daemon    0 sep  3 16:14 mlogc-transaction.log

ls -lah /var/log/httpd/
total 27M
drwxr-xr-x  2 root root 4,0K sep  3 16:35 .
drwxr-xr-x 11 root root 4,0K sep  3 22:20 ..
-rw-r--r--  1 root root  12M sep  4 09:21 access_log
-rw-r--r--  1 root root  16M sep  4 09:21 error_log
-rw-r-----  1 root root    0 sep  3 16:34 modsec_audit.log
-rw-r-----  1 root root 500K sep  4 09:21 modsec_debug.log
-rw-r--r--  1 root root  54K sep  4 09:21 modsec_performance.log

server and client are the same post

thanks for your help


</description>
    <dc:creator>Samuel Salson</dc:creator>
    <dc:date>2008-09-04T08:42:04</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5305">
    <title>"WEBSERVER_ERROR_LOG required" message in audit log</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5305</link>
    <description>Hello,

I have a question about this rule from the standard core set:

SecRule RESPONSE_STATUS ^400$ "t:none,phase:5,chain,log,auditlog,pass,msg:'Invalid request',id:'960913',severity:'2'"
SecRule WEBSERVER_ERROR_LOG !ModSecurity "t:none"

Why does the audit log include the line about &lt;against  
"WEBSERVER_ERROR_LOG" required&gt; when this rule is triggered?

The way I read the rule definition, it's supposed to log the apache  
error message when it's not produced by ModSecurity itself.
So why does it complain about the  WEBSERVER_ERROR_LOG being required?
There is a valid Apache error log that does receive all the error  
messages -- one global one and one for each virtual host (this is on a  
Debian 4 LAMP server).


--132e532d-H--
Message: Warning. Match of "rx ModSecurity" against  
"WEBSERVER_ERROR_LOG" required. [file "/etc/apache2/modsecurity/ 
modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960913"]  
[msg "Invalid request"] [severity "CRITICAL"]
Apache-Error: [file "/mnt/debian/apache2-2.2.3/modules/aaa/ 
mod_auth_digest.c"] [line 1730] [level 3] Digest: uri mismatch - &lt;/ 
admin/props/form.php&gt; does not match request-uri &lt;/admin/props/ 
form.php?propID=15&amp;KT_back=1&gt;, referer: https://2poppies.com/adm/props/index.php


On a related note, is there any way to turn off logging of successful  
authenticated accesses?
i.e., avoid audit log entries like the following:

....
--75d74512-B--
GET /admin/ HTTP/1.1
.......

--75d74512-F--
HTTP/1.1 401 Authorization Required
WWW-Authenticate: .....
Content-Length: 401
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--75d74512-H--
Stopwatch: 1220417151194763 900 (- - -)
Producer: ModSecurity for Apache/2.5.6 (http://www.modsecurity.org/);  
core ruleset/1.6.1.
Server: Apache

--75d74512-Z--



Many thanks!
Robert Imhoff

</description>
    <dc:creator>R.A. Imhoff</dc:creator>
    <dc:date>2008-09-04T07:28:24</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5303">
    <title>Please explain why?</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5303</link>
    <description>I have a rule in the "modsecurity_crs_15_customrules.conf" file which
includes the following:

SecRule REMOTE_ADDR "^71\.162\.15\.3$" phase:1,nolog,allow,ctl:ruleEngine=DetectionOnly

However, when I am reviewing the logs, I have the following in the audit
log (I'll make this short, why did I get this?):


--8abd7814-A--
[03/Sep/2008:15:45:39 --0400] FLKeKULPhekAACR@MuAAAAAJ 71.162.15.3 63199 66.207.133.234 80
--8abd7814-B--
GET
/phpMyAdmin/sql.php?db=FuzzyOcr&amp;token=70c2d2f3828db48f4ba71a6f1553cad4&amp;goto=
db_structure.php&amp;table=Safe&amp;pos=0 HTTP/1.1
Host: ns2.abs-comptech.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1)
Gecko/20
08070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer:
http://ns2.abs-comptech.com/phpMyAdmin/db_structure.php?server=1&amp;db=Fuz
zyOcr&amp;table=&amp;lang=en-utf-8&amp;collation_connection=utf8_general_ci
Cookie: pma_navi_width=232; phpMyAdmin=wKzjZVxRZZZFPXF4WdVU1kIYZAd;
pma_lang=en-
utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_general_ci;
pma_fon
tsize=100%25; pma_theme=original
Authorization: Basic cm9vdDowM0FiQzIw

--8abd7814-F--
HTTP/1.1 200 OK
X-Powered-By: PHP/5.1.6
Set-Cookie: pma_fontsize=deleted; expires=Tue, 04-Sep-2007 19:45:38 GMT;
path=/p
hpMyAdmin/
Expires: Wed, 03 Sep 2008 19:45:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0,
post-check=0, m
ax-age=0
Last-Modified: Wed, 03 Sep 2008 19:45:39 GMT
Set-Cookie: pma_theme=deleted; expires=Tue, 04-Sep-2007 19:45:38 GMT;
path=/phpM
yAdmin/
X-ob_mode: 1
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 10982
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

I would have expected that the custom rule would have permitted this
action, without even a log entry?

</description>
    <dc:creator>Albert E. Whale</dc:creator>
    <dc:date>2008-09-03T20:13:12</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5298">
    <title>[question] console.conf</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5298</link>
    <description>hello all,

I have this in my console.conf

&lt;Service remoteControl 
com.thinkingstone.juggler.components.XmlRpcRemoteControlService&gt;
        Property port "8887"
        Property adminNetwork "127.0.0.1"
        Property password "relgguj"

what is it ?

thanks

samuel.

</description>
    <dc:creator>Samuel Salson</dc:creator>
    <dc:date>2008-09-02T13:13:06</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5296">
    <title>[sensor connection  problem] console empty</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5296</link>
    <description>I have problems with the console: nothing comes back and my console remains
empty. My modsecurity on the client works very well and my sensor is
properly configured.

my log : /var/log/mlogc/mlogc-error.log

[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: About to connect() 
to opti_024 port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL:   Trying 
192.168.2.215...
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: connected
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Connected to 
opti_024 (192.168.2.215) port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Server auth using 
Basic with user 'test'
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Connection #0 to 
host opti_024 left intact
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Request returned with 
status "500 Invalid, missing, or expired licence.": xJhcRX8AAAEAADUBWzsAAAAF
[Mon Sep 01 12:25:55 2008] [2] [13551/1f4b6968] Flagging server as 
errored after failure to submit entry xJhcRX8AAAEAADUBWzsAAAAF with HTTP 
response code 50
0: Invalid, missing, or expired licence.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Sleeping for 50 msec.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Loop completed.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Shutting down due to 
server error.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Thread done.
[Mon Sep 01 12:26:05 2008] [4] [13551/2aaaab127150] Management thread: 
Initiating a checkpoint (previous was 20 seconds ago).
[Mon Sep 01 12:26:05 2008] [4] [13551/0] Checkpoint started.
[Mon Sep 01 12:26:05 2008] [4] [13551/0] Checkpoint completed.

thanks for your help




</description>
    <dc:creator>Samuel Salson</dc:creator>
    <dc:date>2008-09-01T09:58:31</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5291">
    <title>mod_security 2.5.6 and logging</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5291</link>
    <description>Hello list,

Is there a possibility to completely turn off logging in mod_security 2.5.6? I mean even the one appearing in the Apache error log? I have the following configuration:
-----
SecRuleEngine On
SecRequestBodyAccess Off
SecResponseBodyAccess Off
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off,t:lowercase,t:replaceNulls,t:compressWhitespace"
SecComponentSignature "core ruleset/1.6.1"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecAuditEngine Off
SecAuditLogRelevantStatus "^(?:999)"
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecAuditLogParts "ABIFHKZ"
SecArgumentSeparator "&amp;"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDebugLog             /var/log/apache2/modsec_debug.log
SecDebugLogLevel        0
SecDataDir /tmp
SecTmpDir /tmp
-----


I added the code below into a &lt;VirtualHost&gt;&lt;/VirtualHost&gt;:
----
&lt;IfDefine SECURITY&gt;
SecRuleInheritance Off
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecDefaultAction "phase:1,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off"

SecRule REMOTE_ADDR "@rbl us.countries.nerd.dk" "phase:1,nolog,noauditlog,redirect:http://www.mynewdomain.com/us/"

SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,nolog,noauditlog,redirect:http://www.mynewdomain.com/us/"
SecRule GEO:COUNTRY_CODE "@streq US"
&lt;/IfDefine&gt;
----


But I still get my Apache error log flooded with the following messages:
----
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Phase 1: 205 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfa9ea0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "70"]: 97 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfaa980 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "71"]: 105 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfab2d0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "72"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfaf830 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "74"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb0150 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "75"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb07d0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "77"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb21f8 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "78"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb2878 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "80"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb3198 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "81"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
[Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Phase 5: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"]
----


How can I prevent mod_security from writing those 11 lines for every request?


// Steve
</description>
    <dc:creator>Steve</dc:creator>
    <dc:date>2008-08-31T23:46:55</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5286">
    <title>APXS Issue</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5286</link>
    <description>
</description>
    <dc:creator>Jason Fierro</dc:creator>
    <dc:date>2008-08-29T15:51:34</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5285">
    <title>modsec-2.5.6 on SLES 10.2</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5285</link>
    <description>Hello,

has anyone out there successfully compiled and installed mod-security on Suse Linux Enterprise Server (SLES) 10.2 ?

When compiling mod-security I got "undefined reference to ap_strchr..." - errors during the "make test" - procedure. After installing and activating mod-security, the apache segfaults !

So I tried to modify the spec-file of the apache-rpm and rebuilt it. When configuring apache without "--enable-maintainer-mode" switch, compiling and installing it, the "make test" of mod-security runs without any problems, but after installing and activating mod-security I get segfaults again.

I assume, this is a Suse-specific issue, because on debian-linux there is no problem, compiling, testing and running mod-security !

The technical details:
Linux: SUSE Linux Enterprise Server 10 SP2 (i586)
Apache: apache2-2.2.3-16.18 (Suse-rpms)

p.s.: mod-security-2.1.3 is compiling and running without any problems.

        thanx &amp;&amp; greetings,

                Andreas

</description>
    <dc:creator>Müller, Andreas</dc:creator>
    <dc:date>2008-08-29T08:22:10</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5278">
    <title>WebDAV troubles</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5278</link>
    <description>Hello,

I'd like to increase the max. upload size on my apache server. According
to the modsecurity doc SecRequestBodyLimit has a hard limit of 1 GB but
I need more.
Next, I tried to disable modsecurity by the following rule nested in a
Directory directive:
SecRule REQUEST_URI "^/path/" "phase:1,nolog,allow,ctl:ruleEngine=Off"

It's not working, modsecurity still logs errors to the apache error log.

Does anybody know the best practice to set the request limit to about 2GB?


Thanks,
Gerald

</description>
    <dc:creator>Gerald Holl</dc:creator>
    <dc:date>2008-08-28T16:50:15</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5276">
    <title>ModSecurity Issue Tracker Now Available</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5276</link>
    <description>I am happy to announce that we've just launched a public issue
tracking facility for ModSecurity. It's available at
https://www.modsecurity.org/tracker/. We've selected JIRA
(http://www.atlassian.com/software/jira/) for this purpose, not only
because it is the best issue tracking product out there, but also
because we were given a free licence. Atlassian, the company behind
JIRA, is generously offering free licences to open source projects. I
had used JIRA in a previous job, and have nothing but good things to
say about it. I am happy now that we will be using it for my favourite
project.

We've been using a private Trac instance to track ModSecurity issues
for nearly two years now. There wasn't any particular reason we
decided to go with a private system, apart from the fact that running a
public system required additional effort. However, you can't really have an open
source project with a private issue tracking system, so the pressure
to go public (which we've put on ourselves) eventually pushed the task
to the top. Furthermore, we've noticed that there are people who are
not using the latest version of ModSecurity. Naturally, you are not
supposed to upgrade just because there's a new version out there, but
we were lacking a facility that would enable our users to judge for
themselves whether an upgrade is needed. For example, an upgrade that
improves security might be justified, but an upgrade because of a
feature you are not using is not likely to be.

Our new tracker is empty at the moment, but it will start to fill up
as we start to use it to plan future releases. The system is open for
public registration, so feel free to use it to report the problems you
encounter.

Issue tracking is just a start, by the way. The generous people of
Atlassian have granted us free licences for all their products.
FishEye, Confluence and Crucible are all candidates for installation
in the near future.

</description>
    <dc:creator>Ivan Ristic</dc:creator>
    <dc:date>2008-08-27T14:33:11</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5274">
    <title>masking out post parameters in the audit log?</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5274</link>
    <description>Hi,

I am trying to find a solution to mask out some of the post parameters 
which are getting logged in the audit log.
I read in the documentation that this is possible, but I didn't find a 
way to do this...

Yours sincerely
Patrick Sauer

</description>
    <dc:creator>Patrick Sauer</dc:creator>
    <dc:date>2008-08-27T08:35:12</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5269">
    <title>Query String Wildcard Params</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5269</link>
    <description>
</description>
    <dc:creator>entracity inc</dc:creator>
    <dc:date>2008-08-26T20:49:37</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5268">
    <title>IP Wildcard usage</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5268</link>
    <description/>
    <dc:creator>entracity inc</dc:creator>
    <dc:date>2008-08-26T20:47:59</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5267">
    <title>Help with rule mod</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5267</link>
    <description/>
    <dc:creator>Clayton Dillard</dc:creator>
    <dc:date>2008-08-26T20:37:46</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5264">
    <title>piped log program '/sbin/httpd-guardian.pl' failed unexpectedly</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5264</link>
    <description>Hello

I've been trying to install httpd-guardian 1.6 on a Debian 4 LAMP with
Apache2 and the current ModSecurity, but as soon as I activate it by
adding:

       SecGuardianLog |/sbin/httpd-guardian.pl

to the Apache conf, the Apache error log fills with a long list of
      piped log program '/sbin/httpd-guardian.pl' failed unexpectedly

Would anyone be able to give me a hint on how to track down the reason?
I tried to set $debug to 1 in httpd-guardian.pl, but that doesn't seem  
to produce any output.
httpd-guardian.pl sits in
/sbin/httpd-guardian.pl

with owner and group = www-data (which is the group that Apache runs
in) and the group and owner having execution rights ...
blacklist.pl and blacklist-webclient work OK, because they get called
from certain mod-security rules to block IPs via iptables

Many thanks!
Robert Imhoff
</description>
    <dc:creator>R.A. Imhoff</dc:creator>
    <dc:date>2008-08-24T13:57:39</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.comp.apache.mod-security.user/5261">
    <title>Loading ModSec 2.1.7 module causes 'Unauthorized' and '401' Errors</title>
    <link>http://comments.gmane.org/gmane.comp.apache.mod-security.user/5261</link>
    <description/>
    <dc:creator>Patrick Smith</dc:creator>
    <dc:date>2008-08-20T22:57:13</dc:date>
  </item>
  <textinput about="http://search.gmane.org/?group=$group=gmane.comp.apache.mod-security.user">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.apache.mod-security.user</link>
  </textinput>
</rdf:RDF>
