Tags:
create new tag
view all tags

Question

I have a fresh install of Fedora 7 and I'm trying to use Twiki 4.1.2. I've followed the install steps verbatim but am having problems with configure due to ModSecurity. I can get through the first phase of configure where I set the paths, but after that hitting the 'Next' button gives me a 400 bad request page. After a lot of web searching, I've found some references to ModSecurity and commented out the offending line as a test. This helped me get past this first issue and I have limped through some of the other Twiki operations, but as I observe the error_log file I see that ModSecurity is still constantly complaining.

Should ModSecurity work cleanly with Twiki (provided I don't have other problems) or do I need to disable it?

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Fedora 7
Web server: Apache 2.2.6
Perl version: 2.8.8
Client OS: Fedora 7
Web Browser: Firefox
Categories: Installation

-- MarkRossman - 02 Nov 2007

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

ModSecurity has no problem with TWiki, but the ModSecurity rules on your installation may cause problems.

Wikis in general are a bit of a challenge for ModSecurity. They allow almost anything to be entered as topic texts, so many "simple" filters will cause false positives. You'll need to understand ModSecurity's log file entries one by one, and then to decide whether you want to keep or refine the offending rule.

Note that most ModSecurity directives can be selectively applied to Location or Directory sections of your web server, so you can create a dedicated set of rules for TWiki. While testing, you could change the ModSecurity action to pass,log so that requests will be served but nevertheless the error log will contain a description of detected positives.

-- HaraldJoerg - 02 Nov 2007

This seems to be answered. Please feel free to re-open with more details if necessary.

-- PeterThoeny - 11 Dec 2007

Change status to:
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2007-12-11 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.