Netgate Discussion Forum

    Pfsense 2 and mod_security

    pfSense Packages
      atlasis

      Hi,

      I decided to install and try mod_security, but I couldn't make it work. After googling it, I didn't find any solution but complaints and hence, I decided to write up the workaround that I found to make it work properly.

      In fact, the problem was not in mod_security itself, but in the setup of the reverse proxy. To sum up, after installing the package(s):

      1. First of all, lighttpd shouldn't listen on port 80 (just on 443). To this end, edit /var/etc/lighty-webConfigurator.conf and comment out the following lines:
      $SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.*)" {
          url.redirect = …
        }
      }

      Then, just restart lighttpd.

      2. Then, edit /usr/local/etc/apache22/httpd.conf and change the "Deny from all" to "Allow from all", as follows:
      <Proxy *>
        Order deny,allow
        Allow from all
      </Proxy>

      3. You configure mod_security from the GUI and you are good to go.

      Finally, there is a bug in the "Clear log" button (it redirects to "404 - Not Found"). You have to manually delete them from /var/log/httpd-access.log and error.log.

      Hope that helps

      Antonios
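
A check for the side effect of step 2, as an added example that is not part of the original post: `Allow from all` inside `<Proxy *>` is only appropriate while Apache acts as a reverse proxy (`ProxyRequests Off`, the Apache default); with `ProxyRequests On` the same block yields an open forward proxy. The function name `audit_proxy_acl` and both sample configs are constructed for illustration, and the script treats the file as flat (no per-vhost scoping).

```shell
#!/bin/sh
# Added example: audit an Apache 2.2 httpd.conf for the open-proxy combination.
# audit_proxy_acl FILE prints a verdict and returns:
#   0 = <Proxy *> allows all, ProxyRequests Off or absent (reverse proxy only)
#   1 = <Proxy *> allows all AND ProxyRequests On (open forward proxy)
#   2 = no <Proxy *> block containing "Allow from all"
audit_proxy_acl() {
    awk '
        { sub(/^[ \t]+/, ""); line = tolower($0) }   # directives are case-insensitive
        line ~ /^#/ { next }                          # ignore commented-out lines
        line ~ /^proxyrequests[ \t]+on/  { fwd = 1 }  # last setting in the file wins
        line ~ /^proxyrequests[ \t]+off/ { fwd = 0 }
        line ~ /^<proxy[ \t]+"?\*"?[ \t]*>/ { inblk = 1; next }
        line ~ /^<\/proxy>/ { inblk = 0; next }
        inblk && line ~ /^allow[ \t]+from[ \t]+all/ { acl_open = 1 }
        END {
            if (!acl_open) { print "no open <Proxy *> ACL"; exit 2 }
            if (fwd) { print "OPEN FORWARD PROXY: ProxyRequests On + Allow from all"; exit 1 }
            print "reverse proxy only: ProxyRequests Off"; exit 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/reverse.conf" <<'EOF'
ProxyRequests Off
<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>
EOF
cat > "$demo_dir/forward.conf" <<'EOF'
ProxyRequests On
<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>
EOF
for f in "$demo_dir"/*.conf; do
    printf '%s: ' "${f##*/}"
    audit_proxy_acl "$f" || true   # non-zero is a verdict here, not a failure
done
```

Run the function against the httpd.conf edited in step 2; an exit status of 1 means the proxy is reachable as a forward proxy by anyone who can connect to it.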

        jimp Rebel Alliance Developer Netgate

        Lighttpd listening on port 80 is tied to the setting on System > Advanced, "Disable webConfigurator redirect rule" - just check the box and save and it should stop listening on 80.

          atlasis

          @jimp:

          Lighttpd listening on port 80 is tied to the setting on System > Advanced, "Disable webConfigurator redirect rule" - just check the box and save and it should stop listening on 80.

          Thanks jimp. Obviously I chose the hard way.

            ddod

            Unchecking this option does not fix this for me (it is still listening on port 80 and trying to redirect), at least not from inside my pfSense network. Any ideas why?

              ddod

              So I just figured it out.  On the NAT rule I had to enable NAT reflection (the default setting is off).

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.