| Author |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
 Posted: Sun 24 Jun '12 3:13 Post subject: ModSecurity 2.7.0 "no action id" ? |
 |
|
It's something wrong.
My apache is 2.2.22,win 2003 server 32bit
I install the modsecurity2,7,0rc2,the error message of "no action id" and "the same action id" shows often at the error logs.There are no such issues at modsecurity 2.6.5
I upgrade the crs to 2.2.5 too.And I compare the 2.2.4 and 2.2.5,there is a bit difference at the same rule.I can't understand what happen about modsecurit 2.7.0rc2 for apache 2.2.22.
And I find,the Apache 2.4 win32 binary and Apache 2.2 win32 binary's modsecurity module that downloaded from apacheloung is the same size of "mod_security2.so".Is there something wrong that cause the "no action id" message shows?
Last edited by maskego on Sun 24 Jun '12 9:30; edited 3 times in total |
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Sun 24 Jun '12 3:21 Post subject: |
|
|
When will apachehaus's modsecurity 2.7.0 rc2 release?  |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sun 24 Jun '12 3:30 Post subject: |
|
|
It won't, we will wait till 2.7.0, unless Mario wants to do it ... but he just upgraded the forum there and did battle with mod_authn_yubikey so probably wants a breather.
At least I know 2.7.0 is on the horizon so I'll be watching for it |
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Sun 24 Jun '12 5:47 Post subject: |
|
|
steffen:
I make an anoter test.
I just install the files of modsecurity 2.7.0 rc2_for apache2.2.x's
"libxml2.dll","mod_security2.so","pcre.dll",apache2.2.22 shows error message below:
sytax error and shows error message of "find another rule with the same id"
So,I thingk it supposes the above three files issue. |
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Sun 24 Jun '12 9:29 Post subject: |
|
|
gl:
Thanks for your security compilation.
I install mosecurity2.6.6,it works like a charm. 
I am eager for AH's modsecurity2.7.0 stable release.
Admin note:
With splitting this thread I missed two posts:
by maskego
gl&steffen:
Can you compile modsecurity 2.6.6 first?You can see the modsecurity 2.6.6 stable release news form http://www.modsecurity.org/
and
by glsmith
Done at AH |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Sun 24 Jun '12 11:28 Post subject: |
|
|
ModSecurity is more strict, what is good.
See for example in the changelog :
* Added Rules must have ID action and must be numeric.
So you can get now "no action id" and "the same action id"
Just change the rules dealing with it. Btw. Best to dicsuss rules at the mod-security list.
No plans to make 2.6.6 available, the best available now is 2.7.0-rc2 and fixes over 2.6.6.
Steffen |
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Mon 25 Jun '12 1:26 Post subject: |
|
|
I think the modsecurity crs should follow the newest modsecurity 2.7.0 to make workable rules set.But,the crs 2.2.5 is not set the action id for every rule.
Is there somebody can suggest that?  |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Mon 25 Jun '12 5:02 Post subject: |
|
|
gl:
I added a lot of crs id yesterday.But,it's too tired to add.If the crs doesn't add that as yet,it's hard to deploy modsecurity 2.7.0 rc2 for a trial.We have to add more core rules set ids by hand,not only one or two rules. |
|
| Back to top |
|
