Forum

Hi,
I'm using Hiawatha with a control panel, namely Kloxo-MR. It's used as reverse proxy with Apache as the backed. Earlier i was able to see what kind of attack attempt Hiawatha was blocking in the exploit.log, but now it's empty. The mtime of that log file is also before the last time i restarted Hiawatha. I'd like to an article to document Hiawatha's ability to block XSS, CSRF and SQL-injection attacks as i'm writing a paper.


Any help is appreciated!



Hiawatha version: 9.12
Operating System: CentOS 6.6

Are the access rights correct?

Yes, Hiawatha is run with the user apache and
]# ll /var/log/hiawatha/*.log
-rw-r----- 1 apache apache 0 May 3 03:25 /var/log/hiawatha/access.log
-rw-r----- 1 apache apache 1500 May 4 01:10 /var/log/hiawatha/error.log
-rw-r----- 1 apache apache 0 May 3 03:25 /var/log/hiawatha/exploit.log
-rw-r----- 1 apache apache 77 May 4 00:10 /var/log/hiawatha/garbage.log
-rw-r----- 1 apache apache 31651 May 4 13:59 /var/log/hiawatha/system.log

Should for instance a request of http://mysite.com/<script>alert("123");</script> be logged in exploit.log?

Only if you set 'PreventXSS = yes'.