-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
directive Rules error #4
Comments
Hi @Zoey2936. Could you please give us more information about your setup?
|
This is very strange. What @theseion said. CRS behaving correctly? |
Here is my configuration: How I build modsec and nginx: https://github.com/ZoeyVid/nginx-quic/blob/latest/Dockerfile sample server block:
|
and yes crs without plugins works fine |
Thanks for the detailed information! |
CC @airween What do you guys make out of this? I'm puzzled. |
Reading your initial error line again, file |
Hmm. It says The problem is, this is not line 1 and it's not Column 750, Rather line 20 and column 30 or so. Different carriage returns? Different version / location of the file being loaded? I'm a bit at a loss. Something is amiss, but I think it's rather your set than the plugin, since the plugin file looks cool. |
If you want you can try it yourself by deploying NPMplus, enable modsec and crs in a host and upload this pluging and then this error will occur |
Sorry, but I do not have the time for that. What you could do is doing a minimal install - I reckon that would work - and then examine the delta if any. |
I've found the error, I've removed the body-decompress plugin and now it works |
That is strange. Can anyone test Body Decompress Plugin with nginx? @theseion You mentioned that you use nginx, hm? |
nginx reports:
|
mybe this issue should be moved to the body decompress repo? |
@Zoey2936 Yes, sure. Can you, please, close this issue and open a new one in Body Decompress Plugin repository? Thank you. |
@Zoey2936 out of curiosity, why aren't you using |
if you compare the images sizes you will se the reason: https://hub.docker.com/r/owasp/modsecurity-crs/tags?page=1&name=openresty and https://hub.docker.com/r/zoeyvid/nginx-quic/tags |
Fair enough. We also appreciate PRs to improve our builds hint hint 😉 |
🙏 amen to that. |
I'm trying to run your container @Zoey2936, but simply building and running it doesn't work. I probably need to mount some things. Could you post a complete example on how to run the container, so that I can debug the error? |
you mean this building this dockerfile? https://github.com/ZoeyVid/nginx-quic/blob/latest/Dockerfile |
No, I've built it already. Now I want to run the container to see your error. |
just use this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml |
I've built the container from taht image, yes. |
since this images just builds nginx and modsec and in a second dockerfile crs and crowdsec are added |
I think I've identified the issue. The @azurit @airween, what do you think? @Zoey2936 could you test your setup by modifying
|
Seems like it's not optional (based on the syntax), and regression tests uses actions too, eg here (but all places in the test file). So yes, looks like it's not optional in v3. |
it now returns:
|
Something's up with the parser... @Zoey2936 is right, I had tried |
so the problem is inside modsecurity v3? |
It looks like it. @airween I didn't see an issue immediately in the parser. What I did find out is that for some reason the parser thinks that any action specified for
The above leads to the same error:
|
I think it makes perfect sense to prohibit a Chances are the code around this and all the log messages are a bit of a mess and inconsistent between ModSecurity v2 and v3. |
Maybe. I also tried |
do you think this can be fixed at some point? |
I was hoping that @airween had some insights. |
He's buried in work, but I hope he can return to this sooner or later. |
May be. Please open an issue under ModSecurity's repository. But unfortunately I can't promise that this will be on top. |
sorry, but I think I don't know enough how this plugin works to report this bug to the modsec repo |
I've opened the issue: owasp-modsecurity/ModSecurity#3108. |
Hello, I've tried this plugin today, but got this error:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /data/etc/modsecurity/crs-plugins/fake-bot-before.conf. Line: 1. Column: 750. Expecting an action, got: @eq 0" "id:9504099,phase:1,pass,nolog,ctl:ruleRemoveById=9504100-9504999" in /data/nginx/proxy_host/10.conf:48
I get similar error with other plugins like nextcloud exclusion
The text was updated successfully, but these errors were encountered: