[Owasp-modsecurity-core-rule-set] [JIRA] Resolved: (CORERULES-37) Missing chain action breaks content-type inspection rule logics
Ryan Barnett
Ryan.Barnett at breach.com
Wed Feb 24 09:30:03 EST 2010
[ https://www.modsecurity.org/tracker/browse/CORERULES-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett resolved CORERULES-37.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.0
Fixed in v2.0.6
> Missing chain action breaks content-type inspection rule logics
> ---------------------------------------------------------------
>
> Key: CORERULES-37
> URL: https://www.modsecurity.org/tracker/browse/CORERULES-37
> Project: Core Rules
> Issue Type: Bug
> Security Level: New
> Components: Configuration
> Affects Versions: 2.0.0
> Environment: modsecurity 2.5.12, crs 2.0.5
> Reporter: Artyom Davidov
> Assignee: Ryan Barnett
> Fix For: 2.0
>
>
> In modsecurity_crs_30_http_policy.conf at line 64 there is missing chain action, so the %{tx.allowed_request_content_type}" inspection SecRule is never executed.
> SecRule at line 64 should be changed from:
> SecRule REQUEST_HEADERS:Content-Type "^([^;\s]+)" "capture"
> to:
> SecRule REQUEST_HEADERS:Content-Type "^([^;\s]+)" "chain,capture"
> to fix this issue.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the Owasp-modsecurity-core-rule-set
mailing list