[Owasp-modsecurity-core-rule-set] Lua Script execution failed message

Chaim Sanders CSanders at trustwave.com
Wed Jul 8 21:26:00 UTC 2015


It seems as if you have enabled the experimental rules namely
modsecurity_crs_61_ip_forensics.conf. Without looking directly at the
code, it looks as if the particular rule is trying to do WHOIS lookup. My
advice would be that you might consider disabling the particular rules you
don¹t need. If you need these rules (or want them) I can certainly look
more closely at the LUA script and see where the problem might arise.

On 7/8/15, 10:49 AM, "Bill Miller" <wbmilleriii at comcast.net> wrote:

>Hello,
>I've been setting up modsecurity-crs and I've managed to eliminate all
>the error messages save one, namely
>
>Message: Lua: Script execution failed:
>/usr/share/modsecurity-crs/lua/gather_ip_data.lua:8: attempt to
>concatenate local 'remote_addr' (a nil value)
>
>This message shows up in modsec_audit.log every time the
>modsecurity_crs_60_correlation.conf rule is triggered.
>
>Any information on how to go about fixing this would be most
>appreciated.  Google searching has been fruitless.
>
>Thanks in advance,
>Bill
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
>http://scanmail.trustwave.com/?c=4062&d=3L6d1Xgeb8uYenYYXLrpkJXDRrC-WD4vtd
>2MDWBwqQ&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow
>asp-modsecurity-core-rule-set


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.


More information about the Owasp-modsecurity-core-rule-set mailing list