m3nda

Reputation: 2027

Syntax error on owasp rules

EDITED: My last move was to remove spaces and make some other modifications. Still no results.

I created a whitelist.conf for the modsecurity-crs rules.

I put in this simple code:

<LocationMatch "/"> </LocationMatch>

The result is:

httpd: Syntax error on line 420 of /usr/local/apache/conf/httpd.conf: Syntax error on line 14 of /usr/local/apache/conf.d/mod_security.conf: Syntax error on line 1 of /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf: /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf:1: was not closed. [FAILED]

How can it be a syntax error? I'm really stuck on this.

Note: If I put an empty file, it does not fail and obviously does nothing. If I put only </LocationMatch>, the failure is about not detecting the <LocationMatch> opening tag.

It seems not to recognize </LocationMatch> at all. Examples here: https://wordpress.org/support/topic/disable-mod-security

UPDATED: I really think that the bundled CRS (in some hosting package I won't mention) did contain some mistake, because I used it without modifying it at all, so something was wrong from the start. After reading, nothing made it work, so I've simply left the hosting software that provides it. I wouldn't expect that weird behavior from an up-to-date CRS with no custom tweaking. Thanks.

Upvotes: 1

Views: 1408

Answers (1)

Achilles

Reputation: 504

First you have to find which rule blocked your script.

You can find the errors and rule IDs in the file "modsec_audit.log".

All requests that trigger a ModSecurity event (as detected) or a server error are logged ("RelevantOnly") into this file.

This file must be located at /usr/local/apache/logs/modsec_audit.log or /var/log/httpd/modsec_audit.log.

Open the file: /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf

So, you can disable the rule for that file or files with this code:

<LocationMatch "/patchtofile">
    SecRuleRemoveById 000000
</LocationMatch>

You have to replace patchtofile with the file you got the error on in modsec_audit.log, and you need to replace 000000 with the rule ID you found in the log file. You have to do this for each file and error you found.

Also, you can disable the rules for a whole directory you want:

<LocationMatch "/patchtodir">
    SecRuleRemoveById 000000
</LocationMatch>

Replace patchtodir with the directory path and replace the rule ID too.

Upvotes: 3
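The procedure in this answer (pull the rule IDs out of modsec_audit.log, then write one <LocationMatch> block per path) as an added Python example; this is not code from the question or the answer. It parses a constructed serial-format audit log sample (the transaction IDs, rule IDs and paths in it are made up), dedupes the rule IDs per request path, and renders whitelist.conf blocks with the path regex-escaped and anchored, since LocationMatch takes a regular expression.

```python
import re

# Constructed sample of a serial-format modsec_audit.log (other parts omitted):
# the request line is in part B, the rule messages with their IDs in part H.
SAMPLE_AUDIT_LOG = """\
--1a2b3c4d-B--
POST /wp-admin/admin-ajax.php HTTP/1.1
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). [file "/usr/local/apache/modsecurity-crs/activated_rules/sample.conf"] [line "10"] [id "123456"] [msg "constructed rule A"]
--1a2b3c4d-Z--
--5e6f7a8b-B--
GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1
--5e6f7a8b-H--
Message: Warning. [file "/usr/local/apache/modsecurity-crs/activated_rules/sample.conf"] [line "20"] [id "234567"] [msg "constructed rule B"]
Message: Access denied with code 403 (phase 2). [file "/usr/local/apache/modsecurity-crs/activated_rules/sample.conf"] [line "10"] [id "123456"] [msg "constructed rule A"]
--5e6f7a8b-Z--
"""

PART_BOUNDARY = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")
REQUEST_LINE = re.compile(r"^[A-Z]+\s+(\S+)\s+HTTP/\d")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_audit_log(text):
    """Map each request path to the sorted list of rule IDs that fired on it."""
    hits, part, path = {}, None, None
    for line in text.splitlines():
        m = PART_BOUNDARY.match(line)
        if m:
            part = m.group(1)
            if part == "B":  # a new request starts: forget the previous path
                path = None
        elif part == "B" and path is None:
            m = REQUEST_LINE.match(line)
            if m:
                path = m.group(1).split("?", 1)[0]  # drop the query string
        elif part == "H" and path and line.startswith("Message:"):
            for rule_id in RULE_ID.findall(line):
                hits.setdefault(path, set()).add(rule_id)  # dedupe repeats
    return {p: sorted(ids) for p, ids in hits.items()}

def render_whitelist(hits):
    """One <LocationMatch> block per path, metacharacters escaped and anchored."""
    blocks = []
    for path in sorted(hits):
        pattern = "^" + re.sub(r"([.^$*+?()\[\]{}|\\])", r"\\\1", path) + "$"
        lines = ['<LocationMatch "%s">' % pattern]
        lines += ["    SecRuleRemoveById " + rid for rid in hits[path]]
        lines.append("</LocationMatch>")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"
```

Check the generated file with `httpd -t` before reloading Apache, and review each rule you remove rather than disabling everything that ever fired on a path.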
