[Owasp-modsecurity-core-rule-set] More Squirrelmail Denials
ryan.barnett at breach.com
Wed Jan 13 13:31:47 EST 2010
On Wednesday 13 January 2010 01:17:35 pm Arthur Dent wrote:
> Hi Ryan,
> Many thanks for this. I wish I understood better how the CRS works, but
> I'm afraid I don't. This means that I am at a bit of a loss to know what
> to do when Apache reports a syntax error in your rules... Sorry...
> # service httpd restart
> Stopping httpd: [ OK ]
> Starting httpd: Syntax error on line 65 of
> nf: Error creating rule: Unexpected character at position 51:
> TX:PHPIDS-30-WEB_ATTACK/INJECTION-2-Detects common XSS concatenation
> patterns 1/2-ARGS_NAMES:smaction[save] [FAILED]
Try this one instead -
SecRule TX:'/PHPIDS-30-(.*)-ARGS_NAMES:smaction[save]/' "@contains ]["
SecRule MATCHED_VAR_NAME "TX\:(.*)" "capture,t:none,setvar:!tx.
> I do appreciate your help with this. Thanks.
> When is CRS 2.0.5 coming out?
Not sure - We are trying to make a bunch of updates including the comments by Ivan Ristic.
We will send out a note to the list when it is released.
More information about the Owasp-modsecurity-core-rule-set