[Owasp-modsecurity-core-rule-set] DOS_Protection Problem: Could not set variable "ip.dos_counter" as the collection does not exist.

JPow (powster) Fri, 13 Jul 2012 07:04:58 -0700

Hi there,

I am facing a problem where I get "Could not set variable "ip.dos_counter"
as the collection does not exist." debug output when using the
dos_protection rule set ( "modsecurity_crs_11_dos_protection.conf").
* DOS_Protection works as it should, so no issues with that (I have
uncommented the relevant lines in the crs_10_setup.conf, as well as properly
linked up the crs_11_dos_protection.conf
* However, I find that the debug is littered with "Could not set variable
"ip.dos_counter" as the collection does not exist."
* I've realized that this is NOT a problem with INITCOL:IP not being called
in the setup conf file --> This works properly (I am using the default
crs_10_setup.conf)
* The issue ONLY occurs with Apache (internal dummy connection) (see below
debug / audit output)
> * If you see below Audit Output, it is not a standard "GET" request.
> * From my understanding, Apache's internal dummy connections are just done by
> Apache to wake up its child processes.
* I am puzzled why this happens, because I thought there already is an
exception for Apache internal dummy connections in 47
common_exceptions.conf?
Any reason why these dummy connections are still causing the error messages
in the debug? And if so, how to solve this issue?


Thanks!

My system:
-Ubuntu 12.04 on Amazon EC2
-Apache 2.6.3 Mod_Security
-OWASP_CRS/2.2.5.

Debug output:
[13/Jul/2012:13:29:46 +0000]
[ip-XX-XXX-XX-XX.ap-southeast-1.compute.internal/sid#7f40d4a48370][rid#7f40d
64c60a0][*][3] Could not set variable "ip.dos_counter" as the collection
does not exist.

Audit Output:
--695eef13-A--
[13/Jul/2012:13:29:46 +0000] UAAiygqAUUgAABqMEm0AAAAE 127.0.0.1 34716
127.0.0.1 80
--695eef13-B--
OPTIONS * HTTP/1.0
User-Agent: Apache (internal dummy connection)

--695eef13-F--
HTTP/1.1 200 OK
Content-Length: 0
Connection: close

--695eef13-H--
Message: Could not set variable "ip.dos_counter" as the collection does not
exist.
Stopwatch: 1342186186315250 284 (- - -)
Stopwatch2: 1342186186315250 284; combined=119, p1=0, p2=0, p3=0, p4=0,
p5=118, sr=0, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/);
OWASP_CRS/2.2.5; OWASP_CRS/2.2.5.
Server: Apache

--695eef13-Z--

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

[Owasp-modsecurity-core-rule-set] DOS_Protection Problem: Could not set variable "ip.dos_counter" as the collection does not exist.

Reply via email to