Apache ProxyPass and ModSecurity

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Mike Ballon
Date:  
To: Main PLUG discussion list
Subject: Apache ProxyPass and ModSecurity
Apache 2.2 running as a reverse-proxy with another Apache 2.2 host and then
a DB on the end. This is an AWS setup so the design is basically;
load-balancer, pair of reverse proxies, pair of web hosts, database on the
backend.

I'm using a basic user-agent test to ensure at least basic function of
mod_sec and there is again, something that even 3 cups of coffee hasn't
been able to figure out.

curl -I -A "Nessus" http://www.ihaterabbits.com/
Returns "HTTP 200"

curl -I -A "Nessus" http://www.ihaterabbits.com/foobar
Returns "HTTP 443"

The reverse-proxy logs:

access_log
"HEAD / HTTP/1.1" 200 - "-" "Nessus"
"HEAD /foobar/ HTTP/1.1" 403 - "-" "Nessus"

error_log
"ModSecurity: Access denied with code 403 bad_robots
"ModSecurity: Access denied with code 403 bad_robots

The web host logs:

"GET /error/noindex.html HTTP/1.1" 200 3839
[second curl there is no request sent to the web host]

-- Why is there a request sent to the web host on the first curl when there
is a deny from mod_sec? I tried removing the -Indexes for Options and that
didn't change anything. It looks like it's proxying the error and not the
request?

vhost is as follows:

<VirtualHost *:80>
ProxyVia On
<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>
ProxyPreserveHost On
ServerName ihaterabbits.com
ProxyPass / http://nameofloadbalancer/ retry=0
ProxyPassReverse / http://nameofloadbalancer/
</VirtualHost>
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss