How to verify that mod_security is working.

June 9, 2010 at 2:40 pm (Uncategorized) ()

Did you just install mod_security or restart apache?

Do you want to make sure that mod_security is working? Well, if you have installed the CRS, then you are in luck! Here is a simple way to test operation.

First, set up a tail -f on whatever file you have mod_security logging violations/alerts to.

Next, from another linux box that has wget installed, run this command:
wget -O – -U “webtrends security analyzer”

Finally, back in the audit log, you should see an alert logged. This is because the user agent “webtrends securiy analyzer” is blocked by CRS.


Permalink 6 Comments