ModSecurity 2.9.7 install on Windows is blocking access to some local URL #3323
Comments
Sorry to say, but I'm afraid nobody can help you with the available information that you provided. It would be nice to see the webserver's config at least (the relevant part).
Sorry, I was thinking you use Apache2 on Windows. Could you turn off ModSecurity in IIS to check whether it's the cause? (Do not uninstall, just disable the module.)
Hi Ervin,
I'm not sure if there is another way to disable the modsec module. I've tried disabling by setting this to false at the sub URL level, still seeing the same issue
[image: image.png]
On Thu, Jan 9, 2025 at 10:47 AM Adrian Glendinning <***@***.***> wrote:
> Thanks Ervin, I'll try that, so far the only way I can access the URL is by uninstalling Modsec, but I haven't tried disabling the module, will try shortly
>
> On Thu, Jan 9, 2025 at 10:18 AM Ervin Hegedus ***@***.***> wrote:
> > Hi @adrianglendinningGPI,
> >
> > Sorry, I was thinking you use Apache2 on Windows.
> >
> > Could you turn *off* ModSecurity in IIS to check whether it's the cause?
> > (Do not uninstall, just disable the module)
Unfortunately the image is not visible. Anyway, if IIS uses the same configuration directives as Apache, then you should use
Ah ok, sorry about that, yeah I've tried with the SecRuleEngine Off and I still can't curl to that site. Uninstalling Modsec is the only thing that seems to work unfortunately.
On Thu, Jan 9, 2025 at 12:29 PM Ervin Hegedus ***@***.***> wrote:
> > Hi Ervin, I'm not sure if there is another way to disable the modsec module. I've tried disabling by setting this to false at the sub URL level, still seeing the same issue [image: image.png]
>
> Unfortunately the image is not visible.
> Anyway, if IIS uses the same configuration directives as Apache, then you should use
> SecRuleEngine Off
Describe the bug
Hi, we found that installing ModSec 2.9.7 on an application server is breaking our Test Execution Framework tests. A parent site is accessible no problem
https://ab1.testsite.com works fine
BUT
If I run a curl to
https://ab1.testsite.com/mw/ws/lui/luinternal.asmx
It times out
Works fine on an identical server with no Modsec installed
Logs and dumps
Output of:
Notice: Be careful not to leak any confidential information.
To Reproduce
Steps to reproduce the behavior:
See above for steps to reproduce
Expected behavior
A clear and concise description of what you expected to happen.
Should see curl complete full access to the site
Instead it just hangs
^C
Rule Set (please complete the following information):
No rule is being used
Additional context
None