> On Dec 13, 2019, at 10:09, Christopher Faulet <cfau...@haproxy.com>
> wrote:
>
> On 10/12/2019 at 05:24, Igor Cicimov wrote:
>>
>> Testing with Haproxy 2.0.10 but same result with 1.8.23. The version of
>> ModSecurity is 2.9.2 and the OWASP rules v3.0.2.
>> What am I doing wrong? Can anyone provide a request that should confirm if
>> the module is working or not from or share the experience from their own
>> setup?
>
> Hi Igor,
>
> First of all, I don't know how the modsecurity agent really works. But I'm
> surprised to see it returns -101. In the code, -1, 0 or an HTTP status code
> is expected. And only 0 or the HTTP status code is returned to HAProxy. I
> don't know if -101 is a valid return value from modsecurity's point of view.
> But it is not from the agent one.
>
> Then, you don't have an error 403 because the variable txn.modsec.code is
> negative, so the deny http-request rule is never triggered. So, I guess your
> error 400 comes from your webserver. You can enable HTTP log to have more
> information.
>
> Finally, I notice some requests to the SPOA agent seem to have failed. The
> variable is not set (- in the logs). You can try to enable SPOE logs in your
> SPOE engine configuration. Take a look at the SPOE documentation
> (doc/SPOE.txt) for more information.
Hi, perhaps this thread helps:
https://www.mail-archive.com/haproxy@formilux.org/msg30061.html
And perhaps this building of ModSecurity SPOA will also help:
https://github.com/jcmoraisjr/modsecurity-spoa/blob/v0.5/rootfs/Dockerfile
~jm