CODEWITHSUNDEEP
apache2virtualhostreverse-proxymod-security
Chintan
Chintan

Reputation: 59

VirtualHost Configuration In Apache with ReverseProxy + ModSecurity

I have set Virtual Host Configuration in apache2 with Reverse Proxy+Mod Security . But it overlaps , it doesn't gives any error while restarting apache2 but the second Virtual Host Configuration is overlap with the first one.

The first one is working fine.

My Virtual Host Configuration is as follow:

NameVirtualHost 192.168.1.101:80
<VirtualHost 192.168.1.101:80>

ServerName 124.125.252.31

DocumentRoot /var/www

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyRequests Off

ProxyPass /asd http://124.125.252.31/
ProxyPassReverse /asd http://124.125.252.31/

<Location /asd>
Order deny,allow
Allow from all
</Location>

Include /etc/apache2/rules/modsecurity_crs_10_config.conf
Include /etc/apache2/rules/base_rules/*.conf

</VirtualHost>


<VirtualHost 192.168.1.101:80>

ServerName 124.125.252.32

DocumentRoot /var/www

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyRequests Off

ProxyPass /qwe http://124.125.252.32/
ProxyPassReverse /qwe http://124.125.252.32/

<Location /qwe>
Order deny,allow
Allow from all
</Location>

Include /etc/apache2/rules/modsecurity_crs_10_config.conf
Include /etc/apache2/rules/base_rules/*.conf

</VirtualHost>

Upvotes: 0

Views: 3598

Answers (1)

Reggie
Reggie

Reputation: 644

According to the latest ModSecurity Reference Manual, in the Configuration Directives section:

Most of the ModSecurity directives can be used inside the various Apache Scope Directives such as VirtualHost, Location, LocationMatch, Directory, etc... There are others, however, that can only be used once in the main configuration file. This information is specified in the Scope sections below. The first version to use a given directive is given in the Version sections below. These rules, along with the Core rules files, should be contained is files outside of the httpd.conf file and called up with Apache "Include" directives.

I am guessing that the following line from your configuration should be included directly from your main httpd.conf file:

Include /etc/apache2/rules/modsecurity_crs_10_config.conf

And I am guessing that the following line can be inserted in your virtual hosts:

Include /etc/apache2/rules/base_rules/*.conf

But I might be wrong. It's just that some directives in this online crs_10_config example have a scope specified as "Main" instead of "Any" (such as SecComponentSignature to name just one).

What made you realize that they overlap? Do you have any log?

Upvotes: 0

Related Questions