Ah, I guess you aren't using ModSecurity v2.6.0. You should use the older variable name then - REQBODY_PROCESSOR_ERROR
Ryan On May 27, 2011, at 3:16 PM, "Arthur Dent" <[email protected]<mailto:[email protected]>> wrote: On Thu, 2011-05-26 at 18:11 -0500, Ryan Barnett wrote: Hello everyone, I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.2.0. This is a significant update as we have added a number of very important capabilities. CHANGE LOG - Hi Ryan, I have just installed this CRS update and on restarting Apache I get the following error: # service httpd restart Stopping httpd: [ OK ] Starting httpd: Syntax error on line 91 of /etc/httpd/modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf: Error creating rule: Unknown variable: REQBODY_ERROR [FAILED] I am just dashing out and don't have time to troubleshoot. For now I have just commented out lines 90 & 91 ##SecRule REQBODY_ERROR "!@eq 0" \ ## "phase:2,t:none,block,msg:'Failed to parse request body.',id:'960912',logdata:'%{reqbody_error_msg}',severity:2,setvar:'tx.msg=%{rule.msg}',setvar:'tx.id=%{rule.id}',tag:'RULE_MATURITY/7',tag:'RULE_ACCURACY/8',tag:'https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-%{tx.id}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}" What is the proper fix? Thanks in advance... Mark <signature.asc> _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected]<mailto:[email protected]> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
