Facebook
Twitter
LinqLOL
Basic Pleskian
We running into problems with modsecurity when enabling the Atomic (subscription) rules it's seems not to work (not even logging to the modsec log). I test it with /index.php?foo=../../passwd
When I switch to Atomic Basic ModSecurity rule set I get an nice 403 and the modsec log is being filled.
When looking into the /etc/httpd/conf/modsecurity.d/rules/atomic/modsec I see all the files have an old modification time. So I wanted to find out if the rules got updated anyways. The /etc/cron.daily/asl cron is executed daily as I can see in the cron logs.
Running aum -u manually does not show errors, just:
But the rules in /etc/httpd/conf/modsecurity.d/rules/atomic/modsec are not updated! Also after the aum -u I see the the original modsecurity is replaced with the rpm from Atomicorp.
We see this behaviour on a server which has never had used modsecurity before.
Could anyone tell me whats wrong here?
When I switch to Atomic Basic ModSecurity rule set I get an nice 403 and the modsec log is being filled.
When looking into the /etc/httpd/conf/modsecurity.d/rules/atomic/modsec I see all the files have an old modification time. So I wanted to find out if the rules got updated anyways. The /etc/cron.daily/asl cron is executed daily as I can see in the cron logs.
Running aum -u manually does not show errors, just:
Code:
Checking versions ...
ASL version is current: [PASS]
MODSEC rules are current: 201506041534 [PASS]
Generating report ...
FinishedBut the rules in /etc/httpd/conf/modsecurity.d/rules/atomic/modsec are not updated! Also after the aum -u I see the the original modsecurity is replaced with the rpm from Atomicorp.
We see this behaviour on a server which has never had used modsecurity before.
Could anyone tell me whats wrong here?
