Author Topic: ModSecurity adds index.php in permalinks  (Read 2689 times)

0 Members and 1 Guest are viewing this topic.

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #15 on: August 10, 2018, 04:42:55 AM »
Anyone facing same issue should run the below commands.

Code: [Select]
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
Code: [Select]
service httpd restart
Restarting Apache is necessary

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #16 on: August 10, 2018, 04:46:28 AM »
sorry for poor english.
so not solve?

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #17 on: August 10, 2018, 04:56:19 AM »
Its solved.

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #18 on: August 10, 2018, 04:57:50 AM »
Oh my god.  Thank you very very much.
How to make ? I want to learn steps.

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #19 on: August 10, 2018, 05:01:58 AM »
The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf

You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it

Code: [Select]
nano /usr/local/apache/conf.d/mod_security.conf
Find

Code: [Select]
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache

Code: [Select]
service httpd restart
Or else you can run

Code: [Select]
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #20 on: August 10, 2018, 05:15:11 AM »
Sir thanks but I reinstall vps with snapshot for try but I try your steps not change anything again.Not create.
Are there deficiencies in steps?

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #21 on: August 10, 2018, 05:17:59 AM »
It will work for sure.

Do like this

Code: [Select]
nano /usr/local/apache/conf.d/mod_security.conf
Find
Code: [Select]
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
Delete it and restart apache

Code: [Select]
service httpd restart
« Last Edit: August 10, 2018, 05:19:34 AM by bullten »

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #22 on: August 10, 2018, 05:22:35 AM »
I remove and restart httpd but not change.  :( :( :(
Can you look please

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #23 on: August 10, 2018, 05:24:39 AM »
What is output of

Code: [Select]
cat /usr/local/apache/conf.d/mod_security.conf
Code: [Select]
tail -f /usr/local/apache/logs/error_log

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #24 on: August 10, 2018, 05:27:20 AM »
Code: [Select]
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so

<IfModule !unique_id_module>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

<IfModule mod_security2.c>
  <IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>



  SecRuleEngine On
  SecAuditEngine RelevantOnly
  SecAuditLog /usr/local/apache/logs/modsec_audit.log
  SecDebugLog /usr/local/apache/logs/modsec_debug.log
  SecAuditLogType Serial
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecUploadDir /tmp
  SecCollectionTimeout 600
  SecPcreMatchLimit 1250000
  SecPcreMatchLimitRecursion 1250000
  Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"
</IfModule>

Code: [Select]
[Fri Aug 10 07:21:04.621201 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 07:21:04.621209 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 07:21:04.621213 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 07:21:04.621264 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 07:21:04.621269 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Status engine is currently disabled, enable it by set SecStatusEngine t                                                                 o On.
[Fri Aug 10 07:21:05.674123 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 07:21:05.676094 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1906: host.domain.com:443:0 server certificate is a CA certificate (BasicConst                                                                 raints: CA == TRUE !?)
[Fri Aug 10 07:21:06.185104 2018] [mpm_event:notice] [pid 16593:tid 139762516793                                                                 216] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protecte                                                                 d by Mod Security configured -- resuming normal operations
[Fri Aug 10 07:21:06.185222 2018] [core:notice] [pid 16593:tid 139762516793216]                                                                  AH00094: Command line: '/usr/local/apache/bin/httpd'
[Fri Aug 10 07:21:06.328248 2018] [pagespeed:warn] [pid 16599:tid 13976227142630                                                                 4] [mod_pagespeed 1.13.35.2-0 @16599] Cache Flush 1

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #25 on: August 10, 2018, 05:32:22 AM »
In your case its loading from file /usr/local/apache/conf.d/modsec2.conf

You need to run

Code: [Select]
sed -i '/SecServerSignature/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #26 on: August 10, 2018, 05:35:43 AM »
:) :) :) Thanks your help. Its solve now.

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #27 on: August 10, 2018, 05:41:58 AM »
Between you can delete /usr/local/apache/conf.d/modsec2.conf. Its of no use
Code: [Select]
rm -rf /usr/local/apache/conf.d/modsec2.conf

Offline
*
Re: ModSecurity adds index.php in permalinks
« Reply #28 on: August 10, 2018, 09:52:47 AM »
Ok.
Can I ask how to update mod security rules for comodo waf?
What I write ssh?

Offline
****
Re: ModSecurity adds index.php in permalinks
« Reply #29 on: August 16, 2018, 12:02:07 PM »
I don't know how it is setup by developers and when it is actually updating but you can follow the guide I released to install Comodo WAF with GUI. It will work like the same plugin as it works in Cpanel

http://forum.centos-webpanel.com/how-to/perfectly-installing-comdo-waf-on-centos-web-panel-with-gui/