With the release of OP5 Monitor version 8.1.3, we are bundling the Apache module mod_security with our product. It filters every request made to the Apache web server, applies the OWASP ModSecurity Core Rule Set, and allows or denies each request based on that ruleset.
We have included a tailor-made config for mod_security that disables some of the rules that break Monitor. Clients with customized httpd (Apache) environments may experience issues.
See also: How to handle false positives and create exclusions.
The HTTP response returned when a rule is triggered is mostly 403 Forbidden.
To find out what rule might be causing the issue, make sure you have audit logging turned on. This is described in "How to troubleshoot mod_security security rules".
Logs are located in:
- modsec_audit.log -- logs every rule encountered; useful for finding out which rules are causing the error.
- modsec_debug.log -- logs everything if debug is enabled.
Set SecDebugLogLevel to the desired level; 9 logs everything.
Log levels can be found here.
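One way to pull the triggering rules out of modsec_audit.log, as an added example (not OP5's or ModSecurity's own code): it assumes the serial audit log format with parts B, F and H enabled. The function name `blocked_rules` is hypothetical and the log sample is constructed.

```python
import re

SECTION = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$", re.M)   # e.g. --1a2b3c4d-H--
RULE = re.compile(r'\[id "(\d+)"\].*?\[msg "([^"]*)"\]')

def blocked_rules(log_text):
    """Return {request line: [(rule id, msg), ...]} for transactions answered with 403."""
    results, parts = {}, {}
    chunks = SECTION.split(log_text)        # ['', 'A', body, 'B', body, ..., 'Z', '']
    for letter, body in zip(chunks[1::2], chunks[2::2]):
        if letter != "Z":                   # collect sections until the end marker
            parts[letter] = body.strip()
            continue
        status = parts.get("F", "").split() # F: response status line and headers
        if len(status) > 1 and status[1] == "403":
            request = (parts.get("B") or "?").splitlines()[0]
            hits = [m.groups() for l in parts.get("H", "").splitlines()
                    if l.startswith("Message:") and (m := RULE.search(l))]
            results.setdefault(request, []).extend(hits)
        parts = {}                          # start the next transaction
    return results

# Constructed sample (not from a real system); "..." stands for elided match details.
SAMPLE = """\
--1a2b3c4d-A--
[10/Mar/2024:12:00:01 +0100] constructed-id-1 192.0.2.10 51234 192.0.2.20 443
--1a2b3c4d-B--
GET /monitor/ HTTP/1.1
Host: 192.0.2.20
--1a2b3c4d-F--
HTTP/1.1 403 Forbidden
--1a2b3c4d-H--
Message: Warning. ... [id "920350"] [msg "Host header is a numeric IP address"]
Message: Access denied with code 403 (phase 2). ... [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--1a2b3c4d-Z--
--5e6f7a8b-A--
[10/Mar/2024:12:00:05 +0100] constructed-id-2 192.0.2.10 51240 192.0.2.20 443
--5e6f7a8b-B--
GET /monitor/index.php HTTP/1.1
--5e6f7a8b-F--
HTTP/1.1 200 OK
--5e6f7a8b-H--
Message: Warning. ... [id "920350"] [msg "Host header is a numeric IP address"]
--5e6f7a8b-Z--
"""

if __name__ == "__main__":
    for request, hits in blocked_rules(SAMPLE).items():
        print(request, [rule_id for rule_id, _ in hits])
```

The rule IDs listed for a blocked request are the candidates to review when deciding on an exclusion.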
First, run the following to confirm mod_security is loaded (the module is listed as "security2_module"):
# apachectl -M | grep sec
Disabling mod_security can be done by opening up:
Comment out everything in that file and then restart httpd. Run the above apachectl command again to confirm the output has changed, meaning the module is no longer loaded.