TechQA.

Mod_security rules setup error

370 views Asked by At

I am trying to implement the default setting provided by OWASP. Link:https://www.modsecurity.org/CRS/Documentation/quickstart.html

When restarting apache I am getting eror

Syntax error on line 45 of /etc/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf: Internal Error: Failed to add rule to the ruleset. Action 'configtest' failed. The Apache error log may have more information. ...fail! The code for the relevant section is

SecRule TX:DO_REPUT_BLOCK "@eq 1" \
 "msg:'Request from Known Malicious Client (Based on previous traffic violations).',\
  logdata:'Previous Block Reason: %{ip.reput_block_reason}',\
  severity:'CRITICAL',\
  id:910000,\
  phase:request,\
  block,\
  t:none,\
  tag:'application-multi',\
  tag:'language-multi',\
  tag:'platform-multi',\
  tag:'attack-reputation-ip',\
  tag:'IP_REPUTATION/MALICIOUS_CLIENT',\
  setvar:'tx.msg=%{rule.msg}',\
  skipAfter:BEGIN_REQUEST_BLOCKING_EVAL,\
  chain"
  SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \
    "setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
    setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}"

whereas line 45 in the error refers to chain" I don't have any idea about the syntax of these rules.

apache mod-security
Original Q&A
1

There are 1 answers

0
Ortomala Lokni On

You are maybe affected by the Apache bug 55910

Handling of line wrapping is broken if "\" is the last character before buffer resizing.

[...]

This issue is also affecting ModSecurity.

Upgrade to Apache 2.4.11 to solve the issue.

Related Questions in APACHE

Related Questions in MOD-SECURITY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions