Topic: Crashing ModSecurity 2.5.5 under Windows

[cyclone]

I have a set of post args and a target url that can pretty consistently crash mod security 2.5.5 on Windows. Unfortunately they are in a back office setting so I cannot expose them to the world. If I can condense it down to a simple web page form and target URL, would that be usefully in debugging/fixing the issue?

For now I get rid of 90% or more of the occurrences by commenting out this rule:

SecRule ARGS "d:/" t:normalisePathWin

[glsmith]

you and me both ... I had to simply almost not use

modsecurity_crs_20_protocol_violations.conf
modsecurity_crs_40_generic_attacks.conf

and weaken

modsecurity_crs_21_protocol_anomalies.conf

I press submit in YaBB Admin (perl) or a Wiki software I have (PHP) and Apache comes down like a rock, typically no errors, no events of any kind, just poof! Once I got some noise about mod_cgi.c but only once.

[cyclone]

I get the same behavior, poof the server is gone. No error messages any where. Only an apache restart message in the logs.

That makes some sense now. I had never used those rules because I could not get things running. I just assumed I was stupid and had a configuration error. I guess I will cross getting those rules to work off my list.

[glsmith]

I didn't realize there are two threads basically about this subject .. sorry Steffen

Cyclone, Mod_Security/2.5.6 seems to have fixed it for me. I hope it does for you.

If anyone wishes;

For Apache 2.2.9 VC6 builds (like Apache Software Foundation's distributions and some others)

NOTE: This module will NOT work with Apache Lounge Distributions.
Also note this module was built by me, and not Apache Lounge.

http://www.nectar32.com/mods/mod_security2_2.5.6-2.2.9.zip