No fixed rule id "981050" #278
Comments
|
User csanders-git commented on date 2016-02-22 19:52:06: This is likely due to the fact that SecRuleRemoveById needs to be included AFTER the rule is declared. If it is written before it attempts to remove a non-existant rule ID. Sorry for the delay. |
|
User csanders-git commented on date 2016-02-22 19:52:29: Questions like this can be answered more quickly via the mailing list in the future sorry for the delay. |
|
User slvxstar commented on date 2016-02-24 09:08:49: Yes, you are right, you need to set the boot order of the configuration files. |
|
User csanders-git commented on date 2016-02-26 00:14:27: no problem :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue originally created by user slvxstar on date 2016-01-19 13:09:32.
Link to original issue: SpiderLabs/owasp-modsecurity-crs#278.
Server version: Apache/2.4.10 (Debian)
Architecture: 64-bit
Server MPM: prefork
libapache2-mod-security2 (2.8.0-3)
modsecurity-crs (2.2.9-1)
/crs/modsecurity_crs_11_proxy_abuse.conf
If the fix in /etc/apache2/sites-enabled/site.conf
The condition does not work and an error in site_error_log:
ModSecurity: Access denied with code 500 (phase 1). Match of "streq %{tx.geo_x-forwarded-for}" against "GEO:COUNTRY_CODE" required. [file "/etc/modsecurity'/crs/modsecurity_crs_11_proxy_abuse.conf"] [line "25"] [id "981050"] [rev "2.2.9"] [msg "Potential Open Proxy Abuse - GeoIP Country Code Mismatch of X-Forwarded-For Request Header and Client REMOTE_ADDR"]
The error in the logs is not lost.
The text was updated successfully, but these errors were encountered: