Rajesh Siluvainathan
Reputation: 31
ModSecurity: No action id present within the rule
[root@vmn-ssd-42 ~]# httpd -t
Syntax error on line 17 of /etc/httpd/conf.d/mod_security.conf:
ModSecurity: No action id present within the rule
SecRuleEngine On
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" \
"chain,phase:2,t:none,t:lowercase,deny,msg:'ModSecurity DoS attempt - NULL part header name'"
Upvotes: 3
Views: 4409
Answers (1)
Barry Pollard
Reputation: 46050
Since ModSecurity 2.7 the id attribute is mandatory. Your second rule does not contain an id.
Change it from this:
SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" \
"chain,phase:2,t:none,t:lowercase,deny,msg:'ModSecurity DoS attempt - NULL part header name'"
To this (assuming rule id 200001 is not used elsewhere):
SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" \
"id:'200001', chain,phase:2,t:none,t:lowercase,deny,msg:'ModSecurity DoS attempt - NULL part header name'"
Upvotes: 4
Related Questions
- Mod_security rule exception for url/arg
- Debugging triggered modsecurity rule hits
- ModSecurity default action when no rule is match?
- ModSecurity rule 214940 warning
- Extra sensitive Mod Security rules giving 403 forbidden error
- Disaabe rule by ID in modsecurity on apache
- mod_security rule 981203 false positive
- ModSecurity - error parsing actions unknown action \\
- Updating an arugement of a ModSecurity Core Rule
- ModSecurity not blocking attacks