Topic: mod_security 2.7 rc3 rule exceptions issue

pipedevil
Joined: 01 Aug 2011 Posts: 9
Posted: Wed 26 Sep '12 8:39 Post subject: mod_security 2.7 rc3 rule exceptions issue

Hi dear forum participants,
I have an issue adding rule exception to mod_security configuration files.
Exception should bypass DEFINED rule-id for DEFINED ARGUMENT, when the DEFINED ARGUMENT(php variable in the request) equals SPECIFIC VALUE
Example:
www.somedomain.com/index.php?VARIABLE=VALUE
Here is the resulting rule (based on documentation review):
SecRule ARGS_NAMES:VARIABLE "@eq VALUE" "phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=981173;!ARGS:VARIABLE"
When I add the string to the mod_security 15 config file, apache won't start.
What could be the cause?

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Wed 26 Sep '12 10:05 Post subject:

Anything in the Apache error.log and/or Windows Event Viewer?
Btw.
Best is to post rule issues at the mod_security newsgroup.

pipedevil
Joined: 01 Aug 2011 Posts: 9
Posted: Wed 26 Sep '12 11:39 Post subject:

Nothing interesting in Apache error.log, but Windows application log has the following errors:
***
The Apache service named reported the following error:
>>> Error parsing actions: Invalid ctl name setting: ruleUpdateTargetById .
***
The Apache service named reported the following error:
>>> AH00526: Syntax error on line 36 of C:/xampp/apache/modules/mod_security2/modsecurity_crs_15_custom_rules.conf: .
***
It seems that the error is in the ruleUpdateTargetById statement, but it has been officially documented at
http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html
in the "(New) Conditionally Updating the Target List" section. I still can't understand what I've missed?

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU

pipedevil
Joined: 01 Aug 2011 Posts: 9
Posted: Wed 26 Sep '12 12:19 Post subject:

Steffen, is that the only solution?
'Cause everything works fine (I mean Apache starts with mod_security without any errors) till I add an exception to the conf 15 file with the statements described in the first post.

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Wed 26 Sep '12 15:00 Post subject:

Got an answer from the author.
Breno wrote:
Steffen,
ruleUpdateTargetByID is not valid anymore. It was replaced by ruleRemoveTargetByID. It is still in the 2.6.x series, but already removed in 2.7.x.
It was removed because it is not "per-transaction", but ruleRemoveTargetByID is.
So the user must use:
SecRule ARGS_NAMES:VARIABLE "@eq VALUE" "phase:1,t:none,nolog,pass,ctl:ruleRemoveTargetById=981173;ARGS:VARIABLE"
It is not necessary to use the ! char for ruleRemoveTargetByID. Users must update all ruleUpdateTargetByID rules.
The directive SecUpdateTargetByID still exists and can be used too.
Thanks
Breno

If you still have a question about this, please continue at the mod_security list.
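
Added example, not part of the thread and not ModSecurity project code: a small Python pass over a rules file that finds the `ctl:ruleUpdateTargetById` action removed in 2.7.x and rewrites it to `ctl:ruleRemoveTargetById` without the `!`, as the reply above describes, while leaving comments and the `SecUpdateTargetById` directive alone. The names `migrate`, `OLD_CTL` and `SAMPLE` are hypothetical, the sample lines are constructed from the rule in the first post, and a single target after the semicolon is assumed.

```python
import re

# ctl:ruleUpdateTargetById=<rule id>;<target> inside a SecRule action list.
# The thread spells the name both "...ById" and "...ByID", so ignore case.
OLD_CTL = re.compile(
    r'ctl:ruleUpdateTargetById=(?P<id>[^;,"\s]+);(?P<target>[^,"]*)',
    re.IGNORECASE,
)

def _to_remove_target(match):
    # Per the reply quoted above, the "!" prefix is not needed any more.
    target = match.group("target").lstrip("!")
    return f"ctl:ruleRemoveTargetById={match.group('id')};{target}"

def migrate(conf_text):
    """Rewrite removed ctl actions; return (new_text, [(line_no, old_line)])."""
    new_lines, findings = [], []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # leave comments untouched
            new_lines.append(line)
            continue
        fixed = OLD_CTL.sub(_to_remove_target, line)
        if fixed != line:
            findings.append((line_no, line.strip()))
        new_lines.append(fixed)
    return "\n".join(new_lines), findings

# Constructed sample: the rule from the first post plus two lines that
# must survive unchanged (a comment and the SecUpdateTargetById directive).
SAMPLE = '''# old form: ctl:ruleUpdateTargetById=981173;!ARGS:VARIABLE
SecRule ARGS_NAMES:VARIABLE "@eq VALUE" "phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=981173;!ARGS:VARIABLE"
SecUpdateTargetById 981173 "!ARGS:VARIABLE"
'''

if __name__ == "__main__":
    text, hits = migrate(SAMPLE)
    for line_no, old in hits:
        print(f"line {line_no}: rewrote {old}")
    print(text)
```

After rewriting, `httpd -t` checks that Apache parses the configuration before the service is restarted.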