[Modsecurity] Problem with Drupal and PHP sites on RHEL server
Michael Shinn
mike at gotroot.com
Thu Nov 29 12:02:59 EST 2007
What happens if you turn modsec off? These look like REPONSE codes of
503, which would be somekind of error with your application normally.
On Wed, 2007-11-28 at 10:40 -0600, Thomas Hillson wrote:
> I am running mod_security currently on a RHEL 4.6 with php 5.1.2 and
> MySQL 5.0.18, and Drupal 5.3.
>
>
> It is possible that this is due to an update from RHEL as we just went
> from 4.5 to 4.6 with a lot of updates in the last couple of weeks.
>
> When I first started using mod_security I had no problems, now all of
> my Drupal and several of my php sites
> are getting blocked. Here are two sections of my httpd error log
> showing what I am getting from mod_security.
>
>
> [Tue Nov 27 13:48:54 2007] [error] [client 129.186.243.2] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "Xu79-YG68i0AACOC7AoAAABB"]
> [Tue Nov 27 13:48:59 2007] [error] [client 129.186.242.10]
> ModSecurity: Access denied with code 501 (phase 4). Pattern match
> "^503$" at RESPONSE_STATUS. [id "70901"] [msg "The application is not
> available"] [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "X0L2GYG68i0AAEJWOKgAAACi"]
> [Tue Nov 27 13:49:05 2007] [error] [client 129.186.242.10]
> ModSecurity: Access denied with code 501 (phase 4). Pattern match
> "^503$" at RESPONSE_STATUS. [id "70901"] [msg "The application is not
> available"] [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "X5QZCYG68i0AAHTcX50AAABs"]
> [Tue Nov 27 13:49:10 2007] [error] [client 129.186.243.2] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "X at LRMIG68i0AAFkXgpoAAAAY"]
>
>
>
>
> [Wed Nov 28 10:15:42 2007] [error] [client 129.186.242.3] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "glX7AIG68i0AAFd682EAAACi"]
> [Wed Nov 28 10:15:43 2007] [error] [client 129.186.242.3] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "glzRH4G68i0AAFxnKyIAAAAI"]
> [Wed Nov 28 10:15:43 2007] [error] [client 129.186.242.3] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "gmD2EIG68i0AAF1PXi0AAAA8"]
> [Wed Nov 28 10:15:43 2007] [error] [client 129.186.242.3] ModSecurity:
> Access denied with code 501 (phase 4). Pattern match "^503$" at
> RESPONSE_STATUS. [id "70901"] [msg "The application is not available"]
> [severity "ALERT"] [hostname "www.ag.iastate.edu"] [uri
> "/scholarships/"] [unique_id "gmQfNYG68i0AAFx8O3UAAABA"]
>
>
> Right now I have to kill mod_security until I either learn how to fix
> this or get some answer as to why it is doing it so I can make it
> work.
>
>
> I appreciate any help anyone can offer.
>
> Tom
>
>
> /--------------------------------------------------------------------------
> | Tom Hillson Agriculture Computer Services Manager
> |(515) 294-1543 College of Agriculture
> | Iowa State University
> ---------------------------------------------------------------------------
> |"The only thing I have too much of is too little time"
>
>
>
>
> _______________________________________________
> Modsecurity mailing list
> Modsecurity at gotroot.com
> http://lists.gotroot.com/mailman/listinfo/modsecurity
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
SANS Advisory Board Member
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
More information about the Modsecurity
mailing list