[Owasp-modsecurity-core-rule-set] modsecurity_crs_20_protocol_violations.conf error

Christian Bockermann chris at jwall.org
Tue Nov 1 17:03:03 EDT 2011


Hi Anna,

no, you did perfectly fine with your configuration. Unfortunately the variable REQBODY_PROCESSOR_ERROR
has been renamed to REQBODY_ERROR without keeping an alias of the old name.
This happened in ModSecurity 2.6 if I remember correctly.

The new versions of the core rules use the new name of the variable.

Since you are obviously using ModSecurity < 2.6, you will need to change the variable name

   REQBODY_ERROR  to   REQBODY_PROCESSOR_ERROR

in your modsecurity_crs_20_protocol_violations.conf file.

That should fix the problem.

Best regards,

   Chris


Am 01.11.2011 um 21:55 schrieb Anna Chulaki:

> I have upgraded CRS on our server from 2.1.2 to 2.2.2.  I get an error starting Apache server unless I comment out the following rule in base_rules/modsecurity_crs_20_protocol_violations.conf:
> 
> SecRule REQBODY_ERROR "!@eq 0" \
>       "phase:2,t:none,block,msg:'Failed to parse request body.',id:'960912',logdata:'%{reqbody_error_msg}',severity:2,        setvar:'tx.msg=%{rule.msg}',setvar:'tx.id=%{rule.id}',tag:'RULE_MATURITY/7',tag:'RULE_ACCURACY/8',tag:'https://www.owasp        .org/index.php/ModSecurity_CRS_RuleID-%{tx.id}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol        _violation_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%        {matched_var}"
> 
> Error message:
> Starting httpd: Syntax error on line 91 of /etc/httpd/modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf:
> Error creating rule: Unknown variable: REQBODY_ERROR
> 
> Did I miss something in the installation instructions?
> 
> Anna Chulaki
> 
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set



More information about the Owasp-modsecurity-core-rule-set mailing list