search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.21k stars 1.6k forks source link

Directive Rules Error #2743

Closed skrlance closed 2 years ago

skrlance commented 2 years ago

The latest modsecurity.conf that I am using from this Github on my server with NGINX gives the following error:

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/conf.d/modsec/modsecurity.conf. Line: 10. Column: 32. Invalid input: SecRequestBodyJsonDepthLimit 64 in /etc/nginx/conf.d/vhosts/default.conf:8

Server details:

nginx version: nginx/1.20.2
libmodsecurity-3.0.5
nginx-more-module-modsecurity-1.20.2

This error can be resolved by removing or commenting:

SecRequestBodyJsonDepthLimit 512

I have also tried providing other values but the error doesn't gets resolved.

What should I do? Can somebody help please!!

airween commented 2 years ago

libmodsecurity3 version v3.0.6 was released on Nov 20, 2021.

Version v3.0.5 on Jul 08, 2021.

SecRequestBodyJsonDepthLimit has been added on Nov 16, 2021, so the v3.0.6 contains it, but v3.0.5 does not. Latest modsecurity.conf was aligned to this version on Dec 21, 2021.

You should upgrade your library, or have to remove this directive.