  1. JBoss Core Services
  2. JBCS-334

mod_security missing whole setup

Details

    • Bug
    • Resolution: Done
    • Critical
    • None
    • httpd 2.4.6 GA, httpd 2.4.23 GA, httpd 2.4.23 SP1 DR3, httpd 2.4.29 ER1
    • None
    • Documentation (Ref Guide, User Guide, etc.), Interactive Demo/Tutorial, Compatibility/Configuration, User Experience

      Unzip jbcs-http24-httpd.
      Check that the file mod_security.conf.sample is missing at httpd/conf.d/.

    Description

      The config files and module-loading directives for mod_security are completely missing.
      Expecting:
      presence of the folders httpd/modsecurity.d/ and httpd/modsecurity.d/activated_rules

      presence of the sample file httpd/conf.d/mod_security.conf.sample with content:

      LoadModule security2_module modules/mod_security2.so
      <IfModule !mod_unique_id.c>
          LoadModule unique_id_module modules/mod_unique_id.so
      </IfModule>
      <IfModule mod_security2.c>
          # ModSecurity Core Rules Set configuration
          IncludeOptional modsecurity.d/*.conf
          IncludeOptional modsecurity.d/activated_rules/*.conf

          # Default recommended configuration
          SecRuleEngine On
          SecRequestBodyAccess On
          SecRule REQUEST_HEADERS:Content-Type "text/xml" \
               "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
          SecRequestBodyLimit 13107200
          SecRequestBodyNoFilesLimit 131072
          SecRequestBodyInMemoryLimit 131072
          SecRequestBodyLimitAction Reject
          SecRule REQBODY_ERROR "!@eq 0" \
          "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
          SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
          "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
          failed strict validation: \
          PE %{REQBODY_PROCESSOR_ERROR}, \
          BQ %{MULTIPART_BOUNDARY_QUOTED}, \
          BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
          DB %{MULTIPART_DATA_BEFORE}, \
          DA %{MULTIPART_DATA_AFTER}, \
          HF %{MULTIPART_HEADER_FOLDING}, \
          LF %{MULTIPART_LF_LINE}, \
          SM %{MULTIPART_MISSING_SEMICOLON}, \
          IQ %{MULTIPART_INVALID_QUOTING}, \
          IP %{MULTIPART_INVALID_PART}, \
          IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
          FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
      
          SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
          "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
      
          SecPcreMatchLimit 1000
          SecPcreMatchLimitRecursion 1000
      
          SecRule TX:/^MSC_/ "!@streq 0" \
                  "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
      
          SecResponseBodyAccess Off
          SecDebugLog logs/modsec_debug.log
          SecDebugLogLevel 0
          SecAuditEngine RelevantOnly
          SecAuditLogRelevantStatus "^(?:5|4(?!04))"
          SecAuditLogParts ABIJDEFHZ
          SecAuditLogType Serial
          SecAuditLog logs/modsec_audit.log
          SecArgumentSeparator &
          SecCookieFormat 0
          SecTmpDir @installroot@/var/cache/mod_security
          SecDataDir @installroot@/var/cache/mod_security
      </IfModule>
      

      Also create the var/cache/mod_security folder as part of the postinstall script.
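
The layout expected above can be checked mechanically after unzipping. The shell function below is an added example, not part of the original issue or of JBoss Core Services; the name `check_modsec_layout` is hypothetical, and it assumes `@installroot@` resolves to the httpd directory unless a second argument gives another path.

```shell
#!/bin/sh
# Added example (not project code): check an unpacked httpd tree for the
# mod_security layout this issue expects. Prints one line per problem and
# returns the number of problems found (0 = layout complete).
# Usage: check_modsec_layout <httpd-dir> [installroot]
# Assumption: @installroot@ is the httpd directory unless $2 says otherwise.
check_modsec_layout() {
    httpd_dir=$1
    installroot=${2:-$1}
    sample="$httpd_dir/conf.d/mod_security.conf.sample"
    problems=0

    for d in "$httpd_dir/modsecurity.d" \
             "$httpd_dir/modsecurity.d/activated_rules" \
             "$installroot/var/cache/mod_security"; do
        if [ ! -d "$d" ]; then
            echo "missing directory: $d"
            problems=$((problems + 1))
        fi
    done

    if [ ! -f "$sample" ]; then
        echo "missing file: $sample"
        return $((problems + 1))
    fi

    # Directives the sample needs so the module loads and rule files are read.
    for pat in '^[[:space:]]*LoadModule[[:space:]]+security2_module[[:space:]]' \
               '^[[:space:]]*IncludeOptional[[:space:]]+modsecurity\.d/\*\.conf' \
               '^[[:space:]]*IncludeOptional[[:space:]]+modsecurity\.d/activated_rules/\*\.conf' \
               '^[[:space:]]*SecRuleEngine[[:space:]]+On'; do
        if ! grep -Eq "$pat" "$sample"; then
            echo "sample lacks directive matching: $pat"
            problems=$((problems + 1))
        fi
    done

    # ModSecurity 2.7 and later refuses to start when two rules share an id.
    dups=$(grep -Ev '^[[:space:]]*#' "$sample" | grep -Eo "id:'?[0-9]+" |
           tr -d "'" | sort | uniq -d)
    for dup in $dups; do
        echo "duplicate rule $dup in $sample"
        problems=$((problems + 1))
    done
    return "$problems"
}
```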

            People

              huwang@redhat.com Hui Wang
              jonderka@redhat.com Jan Onderka
              Jan Onderka Jan Onderka