[Owasp-modsecurity-core-rule-set] 'SecFilterSelective' equivalent use in Apache 2.2.14

Ryan Barnett ryan.barnett at breach.com
Tue Jan 19 10:38:52 EST 2010


On Tuesday 19 January 2010 10:19:24 am Apacheuse Apacheuse wrote:
> When the Syntax below is used in Apache 1.2, works fine without any issues
>  . But the same syntax gives error in Apache 2.2.14
> 
> 
> 
> SecFilterSelective REQUEST_URI "^/(OA_HTML|html|jinitiator)/test.jsp" chain
> SecFilterSelective ARG_page "/mytest/apps/webui/MyPG"
> 
> Restarted Apache, receiving the following
> Syntax error on line 10 of D:/Apache2/conf/test_security.conf:
> Invalid command 'SecFilterSelective', perhaps misspelled or defined by a
>  module not included in the server configuration
> 
> So wondering what would be the equivalent syntax in Apache 2.2.14 ?
> 

What version of ModSecurity are you using on the 2.2.14 version of Apache?  If you are 
using ModSecurity v2 the you need to use SecRule instead of SecFilterSelective.  Reference 
the migration doc - http://www.modsecurity.org/documentation/ModSecurity-Migration-
Matrix.pdf

-Ryan


More information about the Owasp-modsecurity-core-rule-set mailing list