3 May 15:22
Newbie Question - ModSec + SquidGuard
From: Arthur Dent <misc.lists <at> blueyonder.co.uk>
Subject: Newbie Question - ModSec + SquidGuard
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-03 13:26:02 GMT
Subject: Newbie Question - ModSec + SquidGuard
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-03 13:26:02 GMT
Hello all, Firstly let me say that, having just installed ModSecurity I am *very* impressed with it. Thank you to all the devs for such a great product. I am not a sysadmin, I just have a simple, largely static, website with a few bits of dynamic content (eg a squirrelmail webmail package serving up my family's mail from behind a AuthUserFile password protected area). I protect my children from undesirable web content by using a squid proxy server + squidGuard filter. Prior to installing ModSecurity this worked just fine, redirecting to a page informing them that the site is blocked. Now they just get a 400 Bad Request which can be confusing. I think that ModSecurity is blocking access to the squidGuard.cgi app which serves up the squidGuard blocking page, but I think ModSecurity is blocking because it's come via a numeric IP. (see extract from debug.log) [03/May/2008:14:09:11 +0100] [www.mydomain.co.uk/sid#b92b64a8][rid#b97a0f80][/cgi-bin/squidGuard.cgi][1] Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] This causes problems because my internal network relies heavily on numerical IP addresses.(Continue reading)
RSS Feed