Could not use equal sign in xpath expression #2328
Labels
3.x
Related to ModSecurity version 3.x
Comments
|
Hi @dennus, Do you mind to inform us more details of your ModSecurity? What is the version that you are working with? |
|
Hello, I'm using Modsecurity v. 3.0.3 |
victorhora
added
3.x
|
I think this is a similar issue: The error message: so I will not open any new issue. |
|
These are similar issues, but the workaround situation is different. @airween , For your case, a reliable workaround should be to use a character class: @dennus , For XPATH, in a recent case that I encountered, using contains() instead of an equality operator proved a reasonable substitute. This may not be sufficient in all cases, however. |
thanks |
martinhsv
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
E.g.:
SecRule XML://tag1/*[local-name()='some-tag']
"@pm ..\ ../"
"phase:request,
msg:'Path Traversal Attack (/../)',
id:77113,
ver:'OWASP_CRS/3.0.0',
rev:'1',
maturity:'9',
accuracy:'7',
multiMatch,
t:base64Decode,
block,
severity:CRITICAL,
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',
capture,
tag:'application-multi',
tag:'language-multi',
tag:'platform-multi',
tag:'attack-lfi',
tag:'OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL',
setvar:'tx.msg=%{rule.msg}',
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},
setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL-%{matched_var_name}=%{matched_var}'"
Error occured when nginx start:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /var/rules/rules.conf. Line: 1. Column: 48. Expecting a variable, got: : ='some-$
The text was updated successfully, but these errors were encountered: