The following error is encountered while trying to run CRS 3.1
```
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: owasp-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf. Line: 40. Column: 109. Expecting an action, got: ,\ in /etc/nginx/nginx.conf:39
```
The issue comes from the following rule
```
SecRule RESPONSE_BODY "@rx [a-z]:\\\\inetpub\b" \
    "id:954100,\
    phase:4,\
    block,\
    capture,\
    t:none,t:lowercase,\
    msg:'Disclosure of IIS install location',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'platform-iis',\
    tag:'platform-windows',\
    tag:'attack-disclosure',\
    ctl:auditLogParts=+E,\
    rev:3,\
    ver:'OWASP_CRS/3.0.0',\
    severity:'ERROR',\
    chain"
    SecRule &GLOBAL:alerted_970018_iisDefLoc "@eq 0" \
        "setvar:'global.alerted_970018_iisDefLoc',\
        setvar:'tx.msg=%{rule.msg}',\
        setvar:'tx.outbound_anomaly_score=+%{tx.error_anomaly_score}',\
        setvar:'tx.anomaly_score=+%{tx.error_anomaly_score}'"
```
The issue appears to be `setvar:'global.alerted_970018_iisDefLoc',\`. The issue is probably that setvar doesn't support collection assignment.
This rule is using an anti-pattern for CRS 3.1, so we have put in a request to remove this capability; however, it is a feature SecRules supports.
SpiderLabs/owasp-modsecurity-crs#1134
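An added example, not code from ModSecurity or CRS: a pre-deployment check that scans rule text for the construct reported above, a single-quoted `setvar` with no value followed by `,\` at the end of the line, so an affected rule file is caught before nginx refuses to load it. The regex is an assumption inferred from the failing line and the fix commit's title, and `find_bare_quoted_setvars` and the abbreviated sample rule are constructed here.

```python
import re
import sys

# Assumption: this pattern is inferred from the failing line in the report and
# the fix commit's title; it is not taken from the ModSecurity parser grammar.
# It matches a single-quoted setvar with no "=value" part, followed by ",\"
# at the end of the line.
BARE_QUOTED_SETVAR = re.compile(r"setvar:'(?P<var>[^'=]+)'\s*,\s*\\\s*$")

# Constructed sample: the reported rule, abbreviated, in multi-line form.
SAMPLE = r"""SecRule RESPONSE_BODY "@rx [a-z]:\\\\inetpub\b" \
    "id:954100,\
    phase:4,\
    block,\
    chain"
    SecRule &GLOBAL:alerted_970018_iisDefLoc "@eq 0" \
        "setvar:'global.alerted_970018_iisDefLoc',\
        setvar:'tx.msg=%{rule.msg}',\
        setvar:'tx.anomaly_score=+%{tx.error_anomaly_score}'"
"""


def find_bare_quoted_setvars(text, filename="<rules>"):
    """Return (filename, line_no, variable) for every matching line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = BARE_QUOTED_SETVAR.search(line)
        if match:
            hits.append((filename, line_no, match.group("var")))
    return hits


def main(paths):
    """Scan the given rule files (or the sample); return 1 if any line matched."""
    hits = []
    if not paths:
        hits = find_bare_quoted_setvars(SAMPLE, "<sample>")
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            hits.extend(find_bare_quoted_setvars(handle.read(), path))
    for filename, line_no, var in hits:
        print(f"{filename}:{line_no}: quoted setvar without value before ',\\': {var}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with rule file paths as arguments; a non-zero exit status means at least one line matched and can be used to fail a CI step.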
parser: Fix simple quote setvar in the end of the line.
764a2e4
Fix #1831
test case: Adds test case related to #1831
dfbff09
zimmerle