[Modsecurity] Gotroot mod_security rules not working with Apache 1.3.37

Tue Sep 4 00:05:29 EDT 2007

On 9/3/07, Michael Shinn <mike at gotroot.com> wrote:
>
> Thank you for the report.  Can you send me your audit_log entry for
> this?  Without that information, I can't debug your problem.
>
>
>
Sure, here is its contents:

==b620372a==============================
Request: 127.0.0.1 127.0.0.1 - - [03/Sep/2007:21:02:32 -0700] "GET /
HTTP/1.1" 500 609 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)" - "-"
----------------------------------------
GET / HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-us,en;q=0.5
Connection: keep-alive
Host: localhost
Keep-Alive: 300
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match
"((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]|\\'|UNION.*SELECT.*FROM)" at ARG("art_id") [severity "EMERGENCY"]

HTTP/1.1 500 Internal Server Error
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--b620372a--

==ed56221b==============================
Request: 127.0.0.1 127.0.0.1 - - [03/Sep/2007:21:03:09 -0700] "GET /
HTTP/1.1" 500 609 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)" - "-"
----------------------------------------
GET / HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Host: localhost
Keep-Alive: 300
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match
"((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]|\\'|UNION.*SELECT.*FROM)" at ARG("art_id") [severity "EMERGENCY"]

HTTP/1.1 500 Internal Server Error
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--ed56221b--

==0767020c==============================
Request: 127.0.0.1 127.0.0.1 - - [03/Sep/2007:21:03:10 -0700] "GET /
HTTP/1.1" 500 609 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)" - "-"
----------------------------------------
GET / HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Host: localhost
Keep-Alive: 300
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)
Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match
"((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*|
|\\,]|\\'|UNION.*SELECT.*FROM)" at ARG("art_id") [severity "EMERGENCY"]

HTTP/1.1 500 Internal Server Error
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--0767020c--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gotroot.com/pipermail/modsecurity/attachments/20070903/369a6521/attachment.html