Pfsense 2 and mod_security



  • Hi,

    I decided to install and try mod_security, but I couldn't make it work. After googling it, I didn't find any solution but complaints and hence, I decided to write the workaround that I found to make it work properly.

    In fact, the problem was not in mod_security itself, but in the setup of the reverse proxy. To sum up, after installing the package(s):

    1. First of all, lighttpd shouldn't listen to port 80 (just to 443). To this end, edit /var/etc/lighty-webConfigurator.conf and comment the following lines:
    $SERVER["socket"] == ":80" {
      $HTTP["host"] =~ "(.*)" {
        url.redirect = …
      }
    }

    Then, just restart lighttpd.

    2. Then, edit /usr/local/etc/apache22/httpd.conf and change the "Deny from all" to "Allow from all", as follows:
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>

    3. You configure mod_security from the GUI and you are good to go.

    Finally, there is a bug in the "Clear log" button (it redirects to "404 - Not Found"). You have to manually delete /var/log/httpd-access.log and error.log

    Hope that helps

    Antonios
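The post above only shows the one `<Proxy *>` block that has to change. The following is an added example, not the original poster's configuration and not the pfSense package's shipped httpd.conf, of what a minimal Apache 2.2 reverse-proxy vhost with mod_security looks like around that block, so the change can be read in context. The backend address 192.0.2.10, the host name www.example.com, the module paths and the audit log path are placeholders chosen for the example. The point worth seeing is that "Allow from all" in `<Proxy *>` is only safe because `ProxyRequests` is Off: `<Proxy *>` controls who may use proxied URLs, and with forward proxying enabled the same block would make the firewall an open proxy for anyone who can reach port 80.

```apache
# Added example (not from the original post): Apache 2.2 reverse proxy with
# mod_security in front of a hypothetical backend. Backend 192.0.2.10:80,
# host www.example.com, module paths and log paths are assumptions.
LoadModule proxy_module      libexec/apache22/mod_proxy.so
LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
LoadModule unique_id_module  libexec/apache22/mod_unique_id.so   # required by mod_security2
LoadModule security2_module  libexec/apache22/mod_security2.so

# Keep forward proxying off. The permissive <Proxy *> block below is intended
# for reverse-proxied URLs only; with ProxyRequests On it would let any client
# relay arbitrary HTTP requests through the firewall.
ProxyRequests Off
ProxyPreserveHost On

# This is the block the post changes from "Deny from all" to "Allow from all".
# It decides who may use the proxied resources, not who may reach the backend.
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/httpd-modsec_audit.log
    # Example rule (assumed, not from the page): reject a request whose URI
    # carries a directory-traversal sequence before it is proxied.
    SecRule REQUEST_URI "\.\./" "id:900001,phase:1,deny,status:403,log,msg:'Traversal attempt'"
</IfModule>

<VirtualHost *:80>
    ServerName www.example.com
    ProxyPass        / http://192.0.2.10/
    ProxyPassReverse / http://192.0.2.10/
</VirtualHost>
```

After restarting both daemons, confirm on the pfSense (FreeBSD) shell with `sockstat -4 -l` that only httpd, and not lighttpd, holds port 80, and check from an outside host that a forward-proxy request such as `curl -x http://<firewall-ip>:80 http://example.org/` is refused rather than answered with the third-party page.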


  • Rebel Alliance Developer Netgate

    Lighttpd listening on port 80 is tied to the setting on System > Advanced, "Disable webConfigurator redirect rule" - just check the box and save and it should stop listening on 80.



  • @jimp:

    Lighttpd listening on port 80 is tied to the setting on System > Advanced, "Disable webConfigurator redirect rule" - just check the box and save and it should stop listening on 80.

    Thanks jimp. Obviously I chose the hard way.



  • Unchecking this option does not fix this for me (it is still listening on port 80 and trying to redirect), at least not from inside my pfSense network. Any ideas why?



  • So I just figured it out.  On the NAT rule I had to enable NAT reflection (the default setting is off).

