Fix counters #1196

Merged
merged 1 commit into from Oct 17, 2018

fgsch commented Oct 2, 2018

anomaly_score and outbound_anomaly_score should refer to their paranoia
level counterpart (i.e. _plN).

Fixes #1178.

dune73 commented Oct 5, 2018

Thank you for fixing my broken patch, @fgsch. I checked it and it looks good. PL execution on tested rules you fixed works fine.

You are now basing this against v3.1. Can we do v3.2 first?

P.S. If aiming for 3.2, the REQUEST-914 rules have the same issue. At least there is an excuse with those.

fgsch commented Oct 5, 2018

I can do, but I think we should concentrate on 3.1 first to get another rc out before the final release.

dune73 commented Oct 5, 2018

@csanders-git: How do you want this done? 3.1 because we should be fast now and then fixed in 3.2 as well. Or the usual way around?

jianting060 commented Oct 11, 2018

Nginx -t error when detecting rules: REQUEST-914-FILE-DETECTION.conf. Line: 70. Column: 85.
SecRule ARGS|XML|XML:/*
"@rx ^(?:\x4d\x5a(?:\x90|\x50)|\x7f\x45\x4c\x46)"
"id:914100,
phase:2,
*block,*
msg:'Possible harmful executable file detected',
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAMES}: %{MATCHED_VARS}',\

fgsch commented Oct 11, 2018

@jianting060 not sure I follow. That file does not exist in v3.1/dev, which is the focus of this PR.

dune73 commented Oct 17, 2018

No news from @csanders-git. So I am going to merge against 3.1.

Thank you for the PR @fgsch.

I will do the PR for 3.2 myself. This mess is my fault after all.

@dune73 dune73 merged commit 9fd6222 into SpiderLabs:v3.1/dev Oct 17, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed