OneClick Console "Heartbeat" is affected when the Apache ModSecurity firewall is enabled


Article ID: 8691


Products

CA Spectrum

Issue/Introduction

The DX NetOps Spectrum OneClick console application on the workstation does not show a "red-framed" console when the OC server is unreachable or no longer available. This is seen when the Tomcat Apache ModSecurity firewall is enabled. Because there is no red box or frame, the OC console appears to be up and running even though the connection to the OC server is lost.

Cause

When the ModSecurity Web Application firewall is enabled, the OC console's "Heartbeat" function is blocked. As a result, the OC console application view no longer turns "red-framed" (status disconnected) when the connection from the OC console to the OC server/service is lost.

As background, a heartbeat logic between the OC console and the OC server checks every minute for active communication.

As a result the OC console may look fine, but there is no update or communication from the OC server to the OC console or vice versa (i.e. when using or clicking on objects in the OC console).

Environment

CA Spectrum OneClick Web Server R10.1(++) on all platforms / OS when the ModSecurity Web Application firewall is enabled.

Resolution

To resolve this Apache ModSecurity application firewall setup problem, the Apache ModSecurity configuration needs to be modified.

The reconfiguration requires updating the following files:

./apache/modsecurity-crs/activated_rules/whitelist.conf
./apache/modsecurity-crs/modsecurity_crs_10_setup.conf
./apache/modsecurity-crs/base_rules/modsecurity_crs_50_outbound.conf
./apache/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf

The instructions are in the attached zip file at the bottom of this document.

Attachments

1558534002906TEC1621063.zip