Hello,
Today, while digging into the security scanner's logs, I found a strange response returned from one of the servers: a "406 Not Acceptable" response saying "An appropriate representation of the requested resource /xxx/yyyyyy.php could not be found on this server."
After some research, it turned out that this error originated from the mod_security Apache module. This is a great tool, and indeed it gives you a good layer of protection.
Regarding the web security scan performed by ZeroDayScan: we recommend that webmasters disable mod_security during the ZeroDayScan website assessment, because we want to identify security bugs in your website scripts. If you use mod_security, our web assessment attacks do not reach your scripts; they are blocked at the mod_security level.
In addition, there are ways to obfuscate web attacks, for example SQL injection attacks, so that mod_security does not detect them. We do not want to obfuscate our assessment attacks, because we would then have to obfuscate them for every web application firewall. As a result, the number of attack signatures would grow significantly, and the scan time would grow considerably.
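To make the point above concrete, here is an added example (not code from the original post or from ZeroDayScan) that runs over a few constructed scanner response records and separates requests that were stopped by a mod_security block page from requests that actually reached the application. The 406 body text is the one quoted in the post; the sample paths and bodies are constructed, and the distinction between a mod_security 406 and an ordinary content-negotiation 406 is based only on that quoted text.

```python
# Added example, not part of the original post: classify scanner responses to
# tell whether a test request reached the application or was stopped by
# mod_security. The block-page text is the one quoted in the post; the
# response records below are constructed sample data.
import re
from collections import Counter

# Signature of the mod_security 406 block page quoted in the post.
MODSEC_406_RE = re.compile(
    r"An appropriate representation of the requested resource .+ "
    r"could not be found on this server"
)

# Constructed sample records: (request path, HTTP status, response body excerpt)
SAMPLE_RESPONSES = [
    ("/xxx/yyyyyy.php", 406,
     "An appropriate representation of the requested resource /xxx/yyyyyy.php "
     "could not be found on this server."),
    ("/login.php", 200, "<html><body>Welcome</body></html>"),
    ("/search.php", 500, "<html><body>Internal Server Error</body></html>"),
    # An ordinary 406 from content negotiation, not a WAF block (constructed)
    ("/images/logo.png", 406, "Not Acceptable: no matching Accept header"),
]


def classify(status, body):
    """Return 'waf_block' for a mod_security block page, 'negotiation_406'
    for any other 406, and 'reached_app' for everything else."""
    if status == 406:
        return "waf_block" if MODSEC_406_RE.search(body) else "negotiation_406"
    return "reached_app"


def summarize(responses):
    """Count outcomes and list the paths whose tests never reached the scripts."""
    counts = Counter()
    blocked_paths = []
    for path, status, body in responses:
        outcome = classify(status, body)
        counts[outcome] += 1
        if outcome == "waf_block":
            blocked_paths.append(path)
    return counts, blocked_paths


if __name__ == "__main__":
    counts, blocked = summarize(SAMPLE_RESPONSES)
    print(dict(counts))
    print("blocked by mod_security:", blocked)
```

A scan report in which most test requests land in the waf_block bucket tells you the results describe the firewall, not the scripts behind it, which is exactly the situation the post is warning about.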
So how to disable mod_security?
It is very easy to do. Just add the following lines to your .htaccess file for the duration of the scan:
# Turn off mod_security filtering.
SecFilterEngine Off
SecFilterScanPOST Off
Best regards,
The ZeroDayScan team