[Owasp-modsecurity-core-rule-set] Owasp-modsecurity-core-rule-set Digest, Vol 99, Issue 9

ajay rx3422 at gmail.com
Fri Jul 28 19:32:37 UTC 2017




Am 28.07.2017 um 14:00 schrieb 
owasp-modsecurity-core-rule-set-request at lists.owasp.org:
> Send Owasp-modsecurity-core-rule-set mailing list submissions to
> 	owasp-modsecurity-core-rule-set at lists.owasp.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> 
> or, via email, send a message with subject or body 'help' to
> 	owasp-modsecurity-core-rule-set-request at lists.owasp.org
> 
> You can reach the person managing the list at
> 	owasp-modsecurity-core-rule-set-owner at lists.owasp.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-modsecurity-core-rule-set digest..."
> 
> 
> Today's Topics:
> 
>     1. CRS-3.0.2 : rules 941100 and	950130 (Philippe Naudin)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 28 Jul 2017 09:30:17 +0200
> From: Philippe Naudin <naudin at supagro.inra.fr>
> To: <owasp-modsecurity-core-rule-set at lists.owasp.org>
> Subject: [Owasp-modsecurity-core-rule-set] CRS-3.0.2 : rules 941100
> 	and	950130
> Message-ID: <20170727163127.6e244e0e at uic-hp-phn.supagro.inra.fr>
> Content-Type: text/plain; charset=US-ASCII
> 
> Hello,
> 
> I have a problem with the installation of CRS and I am not able to
> understand it.
> On a Debian Jessie, with libapache2-mod-security2-2.9.1-2~bpo8+1 and
> owasp-modsecurity-crs from github.com/SpiderLabs, apache2 -t gives the
> following error :
> 
> AH00526: Syntax error on line 40
> of /etc/modsecurity/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf Error
> parsing actions: Unknown action: \\
> 
> After commenting out rule 941100, there is another error :
> 
> AH00526: Syntax error on line 36
> of /etc/modsecurity/crs/RESPONSE-950-DATA-LEAKAGES.conf Error parsing
> actions: Unknown action: \\
> 
> Once rules 941100 and 950130 have been commented, apache can read its
> configuration and work correctly (also tested in paranoia levels 2
> and 3).
> 
> Using debian's package modsecurity-crs-3.0.0-3~bpo8+1, there is no
> problem at all.
> 
> Do you know some test or log or whatever that can help me to find the
> origin of this problem ?
> 
> Thanks,
> 
Hi Philippe,

I also faced this issue during several installations. I guess this is 
related to this 
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/651 and 
adding a space before line continuation will help you.
By the way, the problem passed in debian9.

best
Andreas



More information about the Owasp-modsecurity-core-rule-set mailing list