search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
7.67k stars 1.54k forks source link

Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist. #3115

Open ic32k opened 1 month ago

ic32k commented 1 month ago

Hello,

I'm having issue with Modsecurity 2.9 (it is installed into a plesk server latest version with latest updates)

On every single visit I got a register with that 2 errors:

Message: Could not set variable "ip.xmlrpc_counter" as the collection does not exist.
Message: Could not set variable "ip.brute_force_counter" as the collection does not exist.
Apache-Error: [file "apache2_util.c"] [line 277] [level 3] [client 47.128.63.199] ModSecurity: Could not set variable "ip.xmlrpc_counter" as the collection does not exist. [hostname "c*******.com"] [uri "/img/logo-1660745973.jpg"] [unique_id "ZgVgQVdtYdAwqReLwcyDAwAAABc"]
Apache-Error: [file "apache2_util.c"] [line 277] [level 3] [client 47.128.63.199] ModSecurity: Could not set variable "ip.brute_force_counter" as the collection does not exist. [hostname "c*********.com"] [uri "/img/logo-1660745973.jpg"] [unique_id "ZgVgQVdtYdAwqReLwcyDAwAAABc"]
Stopwatch: 1711628353557358 808 (- - -)
Stopwatch2: 1711628353557358 808; combined=108, p1=50, p2=42, p3=0, p4=0, p5=16, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "DETECTION_ONLY"

Tried to find info about, but can't find one single result from google nor bing, can please someone helpme to solve this?

airween commented 1 month ago

Hi @ic32k,

thanks for reporting.

What rule set you use? Are you sure the rule set initialized the ip collection before wants to use that?

See initcol action in the reference. Also please take a look to the Persistent storage section.

ic32k commented 1 month ago

IDK the default ruleset from Comodo, but disabled CWAF, so IDK why it shows at if it was the rule responsible for the log... imagen

As said is a plesk install, so I have no access to the configuration files, etc, only to select the options they let me play with

airween commented 1 month ago

Then in that case, you should report this issue at your provider.

ic32k commented 1 month ago

OK, I will report also to them, anyways thank you for your help! if they say the problem is modsec I will come here again ;) )

airween commented 2 days ago

@ic32k - have you got any help from your provider?

Could we close this issue?

ic32k commented 1 day ago

no, no help received, as here also can e helped yes, you can close the ticket

De: Ervin Hegedus @.> Enviado: jueves, 16 de mayo de 2024 21:48 Para: owasp-modsecurity/ModSecurity @.> Cc: ic32k @.>; Mention @.> Asunto: Re: [owasp-modsecurity/ModSecurity] Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist. (Issue #3115)

@ic32khttps://github.com/ic32k - have you got any help from your provider?

Could we close this issue?

— Reply to this email directly, view it on GitHubhttps://github.com/owasp-modsecurity/ModSecurity/issues/3115#issuecomment-2116061635, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AK2NY47YU3AACZMRR7XVGILZCUEP7AVCNFSM6AAAAABFMZSPD6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJWGA3DCNRTGU. You are receiving this because you were mentioned.Message ID: @.***>