[Owasp-modsecurity-core-rule-set] CRS-3.0.2 : rules 941100 and 950130

Chaim Sanders chaim at chaimsanders.com
Fri Jul 28 15:52:40 UTC 2017


Hey Philippe,
Sorry for the trouble you've been having. You've stumbled across a known
bug. This is due to a bug in a few older Apache versions (as described here
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/KNOWN_BUGS#L18).
There are two different approaches to fixing it. Either upgrade Apache, or
you can go to the location specified in the error (line 36 of
DATA-LEAKAGES) and add a space before the line continuation ( '\' ). Thank
you for reaching out to us, let me know if this solves the issue!

On Fri, Jul 28, 2017 at 12:30 AM, Philippe Naudin <naudin at supagro.inra.fr>
wrote:

> Hello,
>
> I have a problem with the installation of CRS and I am not able to
> understand it.
> On a Debian Jessie, with libapache2-mod-security2-2.9.1-2~bpo8+1 and
> owasp-modsecurity-crs from github.com/SpiderLabs, apache2 -t gives the
> following error:
>
> AH00526: Syntax error on line 40
> of /etc/modsecurity/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf Error
> parsing actions: Unknown action: \\
>
> After commenting out rule 941100, there is another error:
>
> AH00526: Syntax error on line 36
> of /etc/modsecurity/crs/RESPONSE-950-DATA-LEAKAGES.conf Error parsing
> actions: Unknown action: \\
>
> Once rules 941100 and 950130 have been commented, apache can read its
> configuration and work correctly (also tested in paranoia levels 2
> and 3).
>
> Using Debian's package modsecurity-crs-3.0.0-3~bpo8+1, there is no
> problem at all.
>
> Do you know some test or log or whatever that can help me to find the
> origin of this problem?
>
> Thanks,
>
> --
> Philippe Naudin
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>



-- 
Chaim Sanders
http://www.ChaimSanders.com
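
The workaround described in the reply, generalized into a check over whole rule files, as an added example that is not part of the original messages or the CRS project: it lists every line whose continuation backslash directly follows a non-blank character and inserts the space, keeping a `.bak` copy. The function names, the sample rule and its id 999001 are constructed; treating every such line as a candidate is an assumption based on the fix given for line 36.

```bash
#!/usr/bin/env bash
# Added example, not CRS project code.
# Assumption: a line is a candidate when its trailing continuation backslash
# directly follows a non-blank character (the case the reply's fix addresses).

# List candidates as file:line:text for the given rule files.
find_tight_continuations() {
    grep -nH -E '[^[:space:]\\]\\$' "$@" || true
}

# Print the number of candidate lines across the given rule files.
count_tight_continuations() {
    find_tight_continuations "$@" | grep -c '' || true
}

# Insert one space before the trailing backslash; FILE.bak keeps the original.
fix_tight_continuations() {
    local f
    for f in "$@"; do
        sed -E -i.bak 's/([^[:space:]\\])\\$/\1 \\/' "$f"
    done
}

# Constructed sample standing in for a CRS rule file (hypothetical rule id).
write_sample_rule() {
    cat > "$1" <<'EOF'
SecRule RESPONSE_BODY "@rx constructed-sample" \
    "phase:4,\
    id:999001,\
    deny"
EOF
}
```

Run the functions against the files under `/etc/modsecurity/crs/`, compare each file with its `.bak`, then rerun `apache2 -t`.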