[Owasp-modsecurity-core-rule-set] Owasp-modsecurity-core-rule-set Digest, Vol 99, Issue 9
rx3422 at gmail.com
Fri Jul 28 19:32:37 UTC 2017
Am 28.07.2017 um 14:00 schrieb
owasp-modsecurity-core-rule-set-request at lists.owasp.org:
> Send Owasp-modsecurity-core-rule-set mailing list submissions to
> owasp-modsecurity-core-rule-set at lists.owasp.org
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> owasp-modsecurity-core-rule-set-request at lists.owasp.org
> You can reach the person managing the list at
> owasp-modsecurity-core-rule-set-owner at lists.owasp.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-modsecurity-core-rule-set digest..."
> Today's Topics:
> 1. CRS-3.0.2 : rules 941100 and 950130 (Philippe Naudin)
> Message: 1
> Date: Fri, 28 Jul 2017 09:30:17 +0200
> From: Philippe Naudin <naudin at supagro.inra.fr>
> To: <owasp-modsecurity-core-rule-set at lists.owasp.org>
> Subject: [Owasp-modsecurity-core-rule-set] CRS-3.0.2 : rules 941100
> and 950130
> Message-ID: <20170727163127.6e244e0e at uic-hp-phn.supagro.inra.fr>
> Content-Type: text/plain; charset=US-ASCII
> I have a problem with the installation of CRS and I am not able to
> understand it.
> On a Debian Jessie, with libapache2-mod-security2-2.9.1-2~bpo8+1 and
> owasp-modsecurity-crs from github.com/SpiderLabs, apache2 -t gives the
> following error :
> AH00526: Syntax error on line 40
> of /etc/modsecurity/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf Error
> parsing actions: Unknown action: \\
> After commenting out rule 941100, there is another error :
> AH00526: Syntax error on line 36
> of /etc/modsecurity/crs/RESPONSE-950-DATA-LEAKAGES.conf Error parsing
> actions: Unknown action: \\
> Once rules 941100 and 950130 have been commented, apache can read its
> configuration and work correctly (also tested in paranoia levels 2
> and 3).
> Using debian's package modsecurity-crs-3.0.0-3~bpo8+1, there is no
> problem at all.
> Do you know some test or log or whatever that can help me to find the
> origin of this problem ?
I also faced this issue during several installations. I guess this is
related to this
adding a space before line continuation will help you.
By the way, the problem passed in debian9.
More information about the Owasp-modsecurity-core-rule-set