Closed sina-grz closed 4 years ago
i think i got it by moving SecRuleEngine On
out of the location scope
like
SecRuleEngine On
<Location "/index">
SecAction initcol:ip=%{REMOTE_ADDR},pass,id:2
SecRule REMOTE_ADDR "127.0.0.1" "ctl:ruleRemoveTargetById=1,id:5"
SecAction deny,id:1,nolog,status:201,msg:ok
</Location>
but i got new problem
when i send requst to localhost/index
it gives me Empty reply from server
and i also i see
[Thu Aug 20 20:41:40.851712 2020] [:error] [pid 11:tid 139986100004608] [client 127.0.0.1:38500] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/usr/local/apache2/conf/httpd.conf"] [line "302"] [id "2"] [hostname "localhost"] [uri "/index"] [unique_id "Xz7gBCQj8y7qbhbKpfbSlAAAAIA"]
[Thu Aug 20 20:41:41.774745 2020] [core:notice] [pid 1:tid 139986150786176] AH00051: child pid 11 exit signal Segmentation fault (11), possible coredump in /usr/local/apache2
Hi @sna-king
Apache connector for ModSecurity v3 is still in alpha, better no to use in production. The connector needs to read the ModSecurity configurations from an external file. Please check here for further information: https://github.com/SpiderLabs/ModSecurity-apache#modsecurity_rules_file
If you are not using v3, we can investigate it a little further.
i am using version 2 version 3 reference are almost empty
it seems that you have a typo in your rule, notice the error message:
AH00526: Syntax error on line 302 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'SecRlue', perhaps misspelled or defined by a module not included in the server configuration
SecRlue instead of SecRule.
',
thats old log that i have copied but even if after i fix that still got err ,i have fix it by making Engine out of scope.(or maby my eays cant see any more it 2 AM)
There is a lot of stuff to fix on the second set of rules. What is your objective in terms of use-case scenario?
i have actually fix them and works better thank to you but still not working as expected
i have installed modsecurity2.9 and it seems fine with SecAction and SecRuleEngine and work well but when i wanna use SecRule apache wont start due to Invalid command 'SecRlue'
and i got
and im working in a docker container envirment.