mod_security and server status monitors

3 posts / 0 new
Topic locked
Last post
#1 Fri, 01/19/2007 - 03:45
KassidyClark

mod_security and server status monitors

Has anyone installed mod_security such that it doesn't block the webmin/virtualmin website status monitors?

I believe it has to do with mod_security blocking text based web clients, but I'm not sure which command webmin uses to run the status monitors.

Does anyone have a work around?

Kind regards, kas

Fri, 01/19/2007 - 11:42
Joe
Joe's picture

Hey Kassidy,

Webmin has it's own built-in web client. It reports itself as "Webmin" in the User Agent field. I'm not sure how mod_security would determine a threat based on just the agent...but I suppose it might try. I'm actually kinda curious why mod_security would block text-based clients...that rules out all blind users using page readers, in addition to folks in limited environments (some cell phones, etc.).

Anyway, I'm not sure how to convince mod_security to let Webmin talk, but I'll try to find some time to play with mod_security in the near future. A few people have asked about it...I'm not convinced it's a good idea for the vast majority of users, because it introduces its own large set of problems (including a spotty security history of its own) and usually requires customization to actually be of help in securing the packages actually in use without breaking them. But, the SQL injection protection for PHP scripts is pretty cool, if it actually works. It's a hard call. ;-)

--

Check out the forum guidelines!

Sun, 01/21/2007 - 11:41
KassidyClark

In the modsecurity-general.conf rules, I commented out this line.

# Detect manual and crude automated requests.
#
#SecFilterSelective HTTP_Host|HTTP_User-Agent|HTTP_Accept "^$"

And now the service monitors are working, but the rest of mod_security is still intact (php, sql-injection, spoofed headers, etc.)

I hope this helps anyone with a similar problem in the future.

-Kas

Topic locked