owasp-modsecurity / ModSecurity-apache

ModSecurity v3 Apache Connector
Apache License 2.0

cannot use SecRule "Invalid command 'SecRlue'" #71

Closed sina-grz closed 4 years ago

sina-grz commented 4 years ago

I have installed ModSecurity 2.9 and it seems fine with SecAction and SecRuleEngine and works well, but when I want to use SecRule, Apache won't start due to Invalid command 'SecRlue'

<Location "/index">
    SecRuleEngine On
    SecAction initcol:ip=%{REMOTE_ADDR},pass,id:2
    SecRule REMOTE_ADDR "127.0.0.1" "ctl:ruleRemoveTargetById=1,id:5
    SecAction deny,id:1,nolog,status:201,msg:ok

</Location>

and I got

AH00526: Syntax error on line 302 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'SecRlue', perhaps misspelled or defined by a module not included in the server configuration

And I'm working in a Docker container environment.

sina-grz commented 4 years ago

I think I got it by moving SecRuleEngine On out of the Location scope, like

SecRuleEngine On
<Location "/index">
    SecAction initcol:ip=%{REMOTE_ADDR},pass,id:2
    SecRule REMOTE_ADDR "127.0.0.1" "ctl:ruleRemoveTargetById=1,id:5"
    SecAction deny,id:1,nolog,status:201,msg:ok
</Location>

But I got a new problem: when I send a request to localhost/index it gives me Empty reply from server, and I also see

[Thu Aug 20 20:41:40.851712 2020] [:error] [pid 11:tid 139986100004608] [client 127.0.0.1:38500] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/usr/local/apache2/conf/httpd.conf"] [line "302"] [id "2"] [hostname "localhost"] [uri "/index"] [unique_id "Xz7gBCQj8y7qbhbKpfbSlAAAAIA"]
[Thu Aug 20 20:41:41.774745 2020] [core:notice] [pid 1:tid 139986150786176] AH00051: child pid 11 exit signal Segmentation fault (11), possible coredump in /usr/local/apache2

zimmerle commented 4 years ago

Hi @sna-king

Apache connector for ModSecurity v3 is still in alpha, better not to use it in production. The connector needs to read the ModSecurity configurations from an external file. Please check here for further information: https://github.com/SpiderLabs/ModSecurity-apache#modsecurity_rules_file

If you are not using v3, we can investigate it a little further.

sina-grz commented 4 years ago

I am using version 2; the version 3 reference is almost empty.

zimmerle commented 4 years ago

It seems that you have a typo in your rule; notice the error message:

AH00526: Syntax error on line 302 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'SecRlue', perhaps misspelled or defined by a module not included in the server configuration

SecRlue instead of SecRule.
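
A pre-start lint for the misspelling discussed above, as an added example that is not part of the original thread or of the ModSecurity project: it flags unknown Sec* directive names with a closest-match suggestion, and lines with an unbalanced double quote. The `KNOWN` list is a partial subset of ModSecurity v2 directive names, `lint` is a hypothetical helper, and the sample config is constructed from the snippets posted in this thread.

```python
import difflib
import re

# Partial subset of ModSecurity v2 directive names (assumption: extend it
# with the directives your deployment actually uses).
KNOWN = {
    "SecRule", "SecAction", "SecRuleEngine", "SecMarker", "SecDefaultAction",
    "SecRuleRemoveById", "SecRuleUpdateTargetById", "SecRequestBodyAccess",
    "SecResponseBodyAccess", "SecAuditEngine", "SecAuditLog", "SecDebugLog",
    "SecDebugLogLevel", "SecDataDir", "SecTmpDir",
}
# Apache directive names are case-insensitive, so compare in lowercase.
CANON = {k.lower(): k for k in KNOWN}

def lint(conf_text):
    """Return (line_no, message) findings for Sec* lines in conf_text."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"(Sec\w+)", line, re.I)
        if not m:
            continue  # blank line, comment, container tag or non-Sec directive
        name = m.group(1)
        if name.lower() not in CANON:
            guess = difflib.get_close_matches(name.lower(), CANON, n=1, cutoff=0.7)
            hint = f", did you mean '{CANON[guess[0]]}'?" if guess else ""
            findings.append((no, f"unknown directive '{name}'{hint}"))
        # An odd number of unescaped double quotes means an argument never closes.
        if len(re.findall(r'(?<!\\)"', line)) % 2:
            findings.append((no, "unbalanced double quote"))
    return findings

# Constructed sample: the Location block from this thread, with the misspelled
# directive from the AH00526 message placed on the rule line.
SAMPLE = '''\
<Location "/index">
    SecRuleEngine On
    SecAction initcol:ip=%{REMOTE_ADDR},pass,id:2
    SecRlue REMOTE_ADDR "127.0.0.1" "ctl:ruleRemoveTargetById=1,id:5
    SecAction deny,id:1,nolog,status:201,msg:ok
</Location>
'''

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```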

sina-grz commented 4 years ago

That's an old log that I copied, but even after I fix that I still got the error. I fixed it by moving Engine out of scope. (Or maybe my eyes can't see any more, it's 2 AM.)

zimmerle commented 4 years ago

There is a lot of stuff to fix on the second set of rules. What is your objective in terms of use-case scenario?

sina-grz commented 4 years ago

I have actually fixed them and it works better thanks to you, but it is still not working as expected.