Results 1 to 4 of 4
  1. #1

    Make mod_security Work Through SSL

    mod_security seems great but it seems to work only in http:// not https:// by default. How can I make it effective through SSL?

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by dynawebd View Post
    mod_security seems great but it seems to work only in http:// not https:// by default. How can I make it effective through SSL?
    Mod_security does work through SSL... how are you testing it?
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  3. #3
    You are right. I guess my issue is blocking it through a different port while using ssl:
    I am blocking "bad" in the URI

    https://www.domain.com/bad/ (gets blocked)
    https://www.domain.com:2083/bad/ (does not get blocked)

    Any ideas?

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by dynawebd View Post
    https://www.domain.com:2083/bad/ (does not get blocked)
    That's because mod_security is for Apache and port 2083 is cPanel.

    The mod_security software wasn't designed to work that way, it'll only work on port 80 (http) and port 443 (https)... unless you hack the hell out of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •