Apache Mod_Security_Config2 - ConnorEast/Tech-Journal GitHub Wiki

Mod_Security Attack Protection - Class Activity 2

First, I went onto my Kali Linux device and sent a request to the following server address: "10.0.17.15/??<script>XXS_Attack</script>". This redirected me to the HTTP Server Test Page. Below is an image of the output of the command "cat modsec_audit.log".

image

First, the request was tested against the rule patterns, and the matching rule was tagged with a paranoia level. The paranoia level is a measure of how "on edge" the rule set is configured to be in protecting the server: higher levels enable stricter rules at the cost of more false positives. For reference, this request triggered a paranoia level 1 warning, and the match was logged with "severity: critical". Given those red flags, the request was then blocked with HTTP code 403.

image

Simulating a Directory Traversal Attack:

To do this, I went to my Kali Linux server and opened the following address: "10.0.17.15/?../../boot". This was supposed to move me up two directories, allowing me to get to the boot folder/file.

image image

This was detected as a path traversal attack and given a severity level of "Critical"; as such, it was denied with code 403. HTTP error code 403 (Forbidden) means the server understood the request but refuses to serve it, i.e. access to the resource is restricted or blocked. The file blocking it was /etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf.

image

Telnet Errors:

image

The reason we get a telnet error is that the Host header is a numeric IP address, which ModSecurity flags. This should be fixed by sending the name of the site instead, which in my case would be "tttxxxmmmlamma.com". I chose this name for my site because I was trying to find a site URL that was not in use at the moment. This, however, didn't help, as the site is still being recognized by its IP address.
image

When I run the command "telnet tttxxxmmmlamma.com GET / HTTP/1.1 Host:tttxxxmmmlamma.com", it sends me to the 403 Forbidden page with all of its HTML and CSS styling. Image seen below.

image

REQUEST-949-BLOCKING-EVALUATION.conf

To avoid violating ModSecurity's rules, you must send well-formed requests over Telnet. This means the request must not try to traverse directories it has no business reaching, and it must use valid HTTP syntax (including a proper Host header).
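To make the audit-log findings above easier to read back, here is an added example (not from the original journal) that parses the "Message:" lines of a ModSecurity audit log and reports, per transaction, which rule files fired, their severity and paranoia-level tag, and the 403 verdict recorded by REQUEST-949-BLOCKING-EVALUATION.conf. The log text is constructed to mirror the requests above; the rule ids and file names follow OWASP CRS 3.x naming.

```python
import os
import re

# Constructed sample (not a real capture): "Message:" lines from the H section of two
# modsec_audit.log transactions, the <script> probe and the ../../boot request above.
# Rule ids, messages and file names follow OWASP CRS 3.x naming.
SAMPLE_AUDIT_LOG = """\
--1a2b3c4d-H--
Message: Warning. detected XSS using libinjection. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "62"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [tag "attack-xss"] [tag "paranoia-level/1"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
--5e6f7a8b-H--
Message: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "45"] [id "930110"] [msg "Path Traversal Attack (/../)"] [severity "CRITICAL"] [tag "attack-lfi"] [tag "paranoia-level/1"]
Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "708"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [tag "paranoia-level/1"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"]
"""

SECTION_H = re.compile(r"^--([0-9a-f]+)-H--$")       # header of a transaction's H (messages) section
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # one [key "value"] pair; "tag" repeats
DENIED = re.compile(r"^Message: Access denied with code (\d+)")


def parse_audit_log(text):
    """Map each transaction id to its final status code and the rules it triggered."""
    txs, current = {}, None
    for line in text.splitlines():
        start = SECTION_H.match(line)
        if start:
            current = txs.setdefault(start.group(1), {"status": None, "blocked_by": None, "rules": []})
            continue
        if current is None or not line.startswith("Message:"):
            continue
        pairs = FIELD.findall(line)
        fields = {k: v for k, v in pairs if k != "tag"}
        level = [v.split("/", 1)[1] for k, v in pairs if k == "tag" and v.startswith("paranoia-level/")]
        rule = {"id": fields.get("id"), "msg": fields.get("msg"), "severity": fields.get("severity"),
                "file": os.path.basename(fields.get("file", "")),
                "paranoia_level": int(level[0]) if level else None}
        current["rules"].append(rule)
        denied = DENIED.match(line)
        if denied:  # the 949 anomaly-scoring rule is what actually records the deny and its code
            current["status"], current["blocked_by"] = int(denied.group(1)), rule["file"]
    return txs


def blocked_transactions(text):
    """Only the denied transactions, with the rules (scoring rule excluded) that led to the block."""
    return {tx: {"status": t["status"], "blocked_by": t["blocked_by"],
                 "triggered_rules": [r["id"] for r in t["rules"] if r["id"] != "949110"]}
            for tx, t in parse_audit_log(text).items() if t["status"] is not None}
```

Run it against a real /var/log/httpd/modsec_audit.log (serial format) to see which rule files are producing your 403s before deciding whether a rule needs tuning.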
