Hi Anna,
no, you did perfectly fine with your configuration. Unfortunately the variable
REQBODY_PROCESSOR_ERROR
has been renamed to REQBODY_ERROR without keeping an alias of the old name.
This happened in ModSecurity 2.6 if I remember correctly.
The new versions of the core rules use the new name of the variable.
Since you are obviously using ModSecurity < 2.6, you will need to change the
variable name
REQBODY_ERROR to REQBODY_PROCESSOR_ERROR
in your modsecurity_crs_20_protocol_violations.conf file.
That should fix the problem.
Best regards,
Chris
Am 01.11.2011 um 21:55 schrieb Anna Chulaki:
> I have upgraded CRS on our server from 2.1.2 to 2.2.2. I get an error
> starting Apache server unless I comment out the following rule in
> base_rules/modsecurity_crs_20_protocol_violations.conf:
>
> SecRule REQBODY_ERROR "!@eq 0" \
> "phase:2,t:none,block,msg:'Failed to parse request
> body.',id:'960912',logdata:'%{reqbody_error_msg}',severity:2,
> setvar:'tx.msg=%{rule.msg}',setvar:'tx.id=%{rule.id}',tag:'RULE_MATURITY/7',tag:'RULE_ACCURACY/8',tag:'https://www.owasp
>
> .org/index.php/ModSecurity_CRS_RuleID-%{tx.id}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol
>
> _violation_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%
> {matched_var}"
>
> Error message:
> Starting httpd: Syntax error on line 91 of
> /etc/httpd/modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf:
> Error creating rule: Unknown variable: REQBODY_ERROR
>
> Did I miss something in the installation instructions?
>
> Anna Chulaki
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
