libmodsecurity rules parsing error in comments of OWASP CRS #949
Comments
Hi Felipe, FYI, here's the full modsecurity_rules.conf file I'm testing this with: https://gist.github.com/sbull/3c427138e69b29173b7c It is generated by |
Hi @sbull, Thank you for your report, I will investigate |
I am actually getting this error with even a basic security config with libmodsecurity. We're using an Ubuntu config (can supply the compile routine if you need it). The only modsecurity directives in the virtualhost config are:
modsecurity on;
And here is the security.conf file:
SecRule REQUEST_FILENAME "@rx css/(?:.).phml(?:.)$" "phase:1,t:lowerCase,deny,severity:2,msg:'Blocking access to css PHP files',id:1030"
It's literally a one line modsec config file and nginx -t is failing with this error:
nginx: [emerg] "gzip_types" directive Rules error. File: /etc/nginx/security/security.conf. Line: 1. Column: 67. invalid character tt in /etc/nginx/nginx.conf:88
Line 88 of nginx.conf just loads up all virtualhost directives in /etc/nginx/sites-enabled and there is only one of those in there right now. Not even sure what gzip_types is referring there, but that error only appears if libmodsecurity is enabled in the virtualhost. |
Have same issue. Can get more info or make some test on my machine, just say what info you need. CentOS 7 |
Hi, I have made some updates in the sec language parser today, I have removed a lot of minor issues. Now the parser is more flexible. I have added two new scripts to help during the tests:
I am still working on it, so I will leave this issue open. If you can, please test. |
Did a lot of improvements in the parser; it is now way more flexible. I am loading almost all the rules from OWASP CRS v2 and 3. Some of the rules were disabled, such as the ones which depend on content injection or variables that we don't support yet. Please use the scripts listed above to identify what exactly was disabled. I am closing this issue; if you find any other problem related to this, please open it again. |
links are broken! |
The branch libmodsecurity was renamed to v3/master. |
still have problems with some V3 rules:
File: owasp-v3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf. Line: 1103. Column: 12. syntax error, unexpected DIRECTIVE, expecting "," or QUOTATION_MARK
File: owasp-v3/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 113. Column: 61. syntax error, unexpected ACTION_SETVAR, expecting "," or QUOTATION_MARK |
Hi @Roger-Man, You should not have any kind of problems using the released version of the OWASP v3 + the most recent version of libModSecurity. Let me know if you are having problems. |
yes me also, got this problem, use v3, any help? |
Hi there,
I'm working on setting up ModSecurity v3 (libmodsecurity) with nginx (Modsecurity-nginx), with the OWASP CRS, and it appears that libmodsecurity barfs on particular comment lines in the OWASP CRS like this:
# -=[ Rule Logic ]=-
I'm first encountering this in the modsecurity_crs_20_protocol_violations.conf rules. The error I get from
nginx -t
looks something like
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: modsecurity_rules.conf. Line: 645. Column: 1292. invalid character hh in /usr/local/nginx/conf/nginx.conf:45
System:
ubuntu 14.04
nginx 1.8.0
ModSecurity/libmodsecurity 7afc079
ModSecurity-nginx/experimental 1713be9
My nginx config has this:
I'm happy to share more info if you tell me how to get what you need, or installation commands etc.
Thanks!
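A triage helper for the error format quoted in this thread, added here as an example (it is not part of ModSecurity, ModSecurity-nginx or any comment on this issue): it extracts file, line and column from `nginx -t` output and prints the reported position in the rules file. The function names, the 1-based line/column interpretation and the sample rules text are assumptions of this example.

```python
import re

# Error shape quoted in this thread:
#   Rules error. File: <path>. Line: <n>. Column: <n>. <message>
RULES_ERROR = re.compile(
    r"File: (?P<file>.+?)\. Line: (?P<line>\d+)\. Column: (?P<col>\d+)\. "
    r"(?P<msg>.*?)(?= File: |$)",
    re.MULTILINE,
)

def parse_rules_errors(output):
    """Return (file, line, column, message) for every rules error in the text."""
    return [(m["file"], int(m["line"]), int(m["col"]), m["msg"].strip())
            for m in RULES_ERROR.finditer(output)]

def locate(rules_text, line, col, context=1):
    """Show the reported line with neighbours and a caret under the column."""
    # Assumption: line and column are 1-based; the thread does not say.
    lines = rules_text.splitlines()
    if not 1 <= line <= len(lines):
        return f"line {line} is outside the file ({len(lines)} lines)"
    out = []
    first, last = max(1, line - context), min(len(lines), line + context)
    for n in range(first, last + 1):
        text = lines[n - 1]
        out.append(f"{n:>5} | {text}")  # 8-character prefix before the text
        if n != line:
            continue
        if 1 <= col <= len(text):
            out.append(" " * (8 + col - 1) + "^")
        else:
            # Worth flagging: the reported column is not on this physical line.
            out.append(f"      ! column {col} is past the end of this {len(text)}-char line")
    return "\n".join(out)

# nginx -t output copied from two of the reports in this thread.
SAMPLE_OUTPUT = """\
nginx: [emerg] "gzip_types" directive Rules error. File: /etc/nginx/security/security.conf. Line: 1. Column: 67. invalid character tt in /etc/nginx/nginx.conf:88
File: owasp-v3/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 113. Column: 61. syntax error, unexpected ACTION_SETVAR, expecting "," or QUOTATION_MARK
"""

# Constructed rules text: the comment line from the report plus a placeholder directive.
SAMPLE_RULES = "# -=[ Rule Logic ]=-\nSecRuleEngine On\n"

if __name__ == "__main__":
    for path, line, col, msg in parse_rules_errors(SAMPLE_OUTPUT):
        print(f"{path}:{line}:{col}: {msg}")
    print(locate(SAMPLE_RULES, 1, 1292))
```

When the column lands past the end of the line, attach the generated rules file itself to the report, since the message alone does not identify the offending text.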