search

SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
https://modsecurity.org/crs
Apache License 2.0
2.45k stars 727 forks source link

why existed so many bugs with my deploy openresty1.13+modsec-v3+crs-v3.2 #1174

Closed ghost closed 6 years ago

ghost commented 6 years ago

errors Show

[root@localhost /]# nginx
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/rules/REQUEST-901-INITIALIZATION.conf. Line: 298. Column: 119. Expecting an action, got:  ctl:requestBodyProcessor=URLENCODED" in /etc/nginx/nginx.conf:41
[root@localhost /]# vi /etc/nginx/rules/REQUEST-901-INITIALIZATION.conf 
[root@localhost /]# vi /etc/nginx/rules/REQUEST-901-INITIALIZATION.conf 
[root@localhost /]# nginx
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 187. Column: 29. Expecting an action, got:  ,\ in /etc/nginx/nginx.conf:41
[root@localhost /]# vi /etc/nginx/rules/REQUEST-912-DOS-PROTECTION.conf 
[root@localhost /]# 
[root@localhost /]# nginx
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf. Line: 70. Column: 85. Expecting a variable, got:  :  S}: %{MATCHED_VARS}',\ in /etc/nginx/nginx.conf:41
[root@localhost /]# vi /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf 
[root@localhost /]# ^C
[root@localhost /]# ^C
[root@localhost /]# vi /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf 
[root@localhost /]# vi /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf 
[root@localhost /]# 
[root@localhost /]# nginx
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf. Line: 70. Column: 82. Expecting a variable, got:  :  S}: DataReplaced',\ in /etc/nginx/nginx.conf:41
[root@localhost /]# vi /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf 
[root@localhost /]# nginx
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/rules/REQUEST-914-FILE-DETECTION.conf. Line: 70. Column: 81. Expecting a variable, got:  :  S}: DataReplaed',\ in /etc/nginx/nginx.conf:41

MyNginx

[root@localhost /]# nginx -V
nginx version: openresty/1.13.6.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC -O2 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --add-module=../ngx_devel_kit-0.3.0 --add-module=../echo-nginx-module-0.61 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2rc3 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.13 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.5 --with-ld-opt='-Wl,-rpath,/usr/share/nginx/luajit/lib -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --add-dynamic-module=/usr/local/src/waf/openresty-1.13.6.2/../ModSecurity-nginx --with-stream --with-stream_ssl_module
ghost commented 6 years ago

and crs3.0 run well but not run well with dos-attack

csanders-git commented 6 years ago

These tickets are related to modsecurity 3 and incompatibility with modsecurity v2. Please report issues with modsecv3 on https://github.com/SpiderLabs/modsecurity

ghost commented 6 years ago

@csanders-git Thank you, and i have write a issue there