owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

libmodsecurity rules parsing error in comments of OWASP CRS #949

Closed sbull closed 8 years ago

sbull commented 9 years ago

Hi there,

I'm working on setting up ModSecurity v3 (libmodsecurity) with nginx (Modsecurity-nginx), with the OWASP CRS, and it appears that libmodsecurity barfs on particular comment lines in the OWASP CRS like this: # -=[ Rule Logic ]=-

I'm first encountering this in the modsecurity_crs_20_protocol_violations.conf rules. The error I get from nginx -t looks something like nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: modsecurity_rules.conf. Line: 645. Column: 1292. invalid character hh in /usr/local/nginx/conf/nginx.conf:45

System:
ubuntu 14.04
nginx 1.8.0
ModSecurity/libmodsecurity 7afc079
ModSecurity-nginx/experimental 1713be9

My nginx config has this:

server {
  ...
  modsecurity on;
  location / {
    ...
    modsecurity_rules_file modsecurity_rules.conf;
  }
}

I'm happy to share more info if you tell me how to get what you need, or installation commands etc.

Thanks!

sbull commented 9 years ago

Hi Felipe, FYI, here's the full modsecurity_rules.conf file I'm testing this with:

https://gist.github.com/sbull/3c427138e69b29173b7c

It is generated by cat basic_rules.conf modsecurity_crs_*.conf, from ModSecurity basic_rules.conf and OWASP CRS.
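To trace an error such as the one above back to the file it came from, here is an added helper (not part of this issue or of ModSecurity): it parses the "File: ... Line: ... Column: ..." message format quoted in the report and maps the line number in the concatenated rules file to the original rules file and line. The sample rules and error line are constructed.

```python
import re
from typing import List, Optional, Tuple

# Shape of the "Rules error" message libmodsecurity reports through the
# nginx connector, as quoted in this issue (file, then 1-based line and column).
ERROR_RE = re.compile(r"File: (?P<file>[^ ]+)\. Line: (?P<line>\d+)\. Column: (?P<col>\d+)\.")

def parse_rules_error(msg: str) -> Optional[Tuple[str, int, int]]:
    """Return (file, line, column) from an `nginx -t` error line, or None."""
    m = ERROR_RE.search(msg)
    if not m:
        return None
    return m.group("file"), int(m.group("line")), int(m.group("col"))

def locate_in_sources(global_line: int,
                      sources: List[Tuple[str, List[str]]]) -> Optional[Tuple[str, int, str]]:
    """Map a line number in the concatenated rules file back to
    (source file, local line, text). `sources` lists (name, lines) pairs
    in the order they were cat'ed together."""
    offset = 0
    for name, lines in sources:
        if global_line <= offset + len(lines):
            local = global_line - offset
            return name, local, lines[local - 1]
        offset += len(lines)
    return None  # line number lies past the end of the concatenation

def explain(msg: str, sources: List[Tuple[str, List[str]]]) -> str:
    """Describe where the offending line lives and whether it is a comment
    (the case this issue is about) or a directive."""
    parsed = parse_rules_error(msg)
    if parsed is None:
        return "no libmodsecurity rules error found in message"
    _, line, col = parsed
    hit = locate_in_sources(line, sources)
    if hit is None:
        return f"line {line} is beyond the concatenated sources"
    name, local, text = hit
    kind = "comment" if text.lstrip().startswith("#") else "directive"
    return f"{name}:{local} (col {col}) {kind}: {text}"

# Constructed sample: a tiny basic_rules.conf followed by a CRS fragment that
# contains the decorative comment line the issue reports as failing.
BASIC_RULES = ["SecRuleEngine On", "SecRequestBodyAccess On", ""]
CRS_20 = ["# Protocol violations", "# -=[ Rule Logic ]=-",
          'SecRule REQUEST_LINE "!@rx ^(?:GET|HEAD|POST)" "id:960911,phase:1,deny"']
SOURCES = [("basic_rules.conf", BASIC_RULES), ("modsecurity_crs_20_protocol_violations.conf", CRS_20)]
SAMPLE_ERROR = ('nginx: [emerg] "modsecurity_rules_file" directive Rules error. '
                "File: modsecurity_rules.conf. Line: 5. Column: 1. invalid character hh")

if __name__ == "__main__":
    print(explain(SAMPLE_ERROR, SOURCES))
```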

zimmerle commented 9 years ago

Hi @sbull, thank you for your report, I will investigate.

lancedockins commented 9 years ago

I am actually getting this error with even a basic security config with libmodsecurity. We're using an Ubuntu config (can supply the compile routine if you need it).

The only modsecurity directives in the virtualhost config are:

modsecurity on; modsecurity_rules_file /etc/nginx/security/security.conf;

And here is the security.conf file:

SecRule REQUEST_FILENAME "@rx css\/(?:.*).phml(?:.*)$" "phase:1,t:lowerCase,deny,severity:2,msg:'Blocking access to css PHP files',id:1030"

It's literally a one line modsec config file and nginx -t is failing with this error:

nginx: [emerg] "gzip_types" directive Rules error. File: /etc/nginx/security/security.conf. Line: 1. Column: 67. invalid character tt in /etc/nginx/nginx.conf:88

Line 88 of nginx.conf just loads up all virtualhost directives in /etc/nginx/sites-enabled and there is only one of those in there right now.

Not even sure what gzip_types is referring there, but that error only appears if libmodsecurity is enabled in the virtualhost.

moodygit commented 8 years ago

Have the same issue. Can get more info or run some tests on my machine, just say what info you need. CentOS 7

zimmerle commented 8 years ago

Hi,

I have made some updates to the sec language parser today and removed a lot of minor issues. Now the parser is more flexible. I have added two new scripts to help during the tests:

I am still working on it, so I will leave this issue open. If you can, please test.

zimmerle commented 8 years ago

Did a lot of improvements in the parser; it is now way more flexible.

I am loading almost all the rules from OWASP CRS v2 and 3. Some of the rules were disabled, such as the ones which depend on content injection or variables that we don't support yet. Please use the scripts listed above to identify what exactly was disabled.

I am closing this issue; if you find any other problem related to this, please reopen it.

Roger-Man commented 8 years ago

links are broken!

zimmerle commented 8 years ago

The branch libmodsecurity was renamed to v3/master.

Roger-Man commented 8 years ago

Still have problems with some v3 rules:

File: owasp-v3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf. Line: 1103. Column: 12. syntax error, unexpected DIRECTIVE, expecting "," or QUOTATION_MARK

File: owasp-v3/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 113. Column: 61. syntax error, unexpected ACTION_SETVAR, expecting "," or QUOTATION_MARK

zimmerle commented 7 years ago

Hi @Roger-Man,

You should not have any kind of problems using the released version of the OWASP v3 + the most recent version of libModSecurity. Let me know if you are having problems.

therzv commented 6 years ago

Yes, me also, got this problem, using v3, any help?

victorhora commented 6 years ago

@therzv see if your issue is related to https://github.com/SpiderLabs/ModSecurity/issues/1704