I've been playing around with modsecurity 2.7.0-RC2 for IIS along with the 
OWASP rules.  When running any rule set that calls for a data file through 
@pmFromFile the application pool crashes.  I've given read access to 'Everyone' 
on the data files being read without success.  Anyone else run into this 
problem?

Rule:
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile modsecurity_35_scanners.data" \
        "phase:2,rev:'2.2.5',t:none,t:lowercase,block,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990002',tag:'AUTOMATION/SECURITY_SCANNER',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10',severity:'4',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.automation_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-AUTOMATION/SECURITY_SCANNER-%{matched_var_name}=%{matched_var}"

Crash:
   w3wp.exe 
   7.5.7601.17514 
   4ce7afa2 
   libapr-1.dll 
   1.4.5.0 
   500eaf34 
   c0000005 
   00000000000099f8 
   1e08 
   01cd7675752af369 
   c:\windows\system32\inetsrv\w3wp.exe 
   C:\Windows\system32\inetsrv\libapr-1.dll 
   b4147ab9-e268-11e1-82b3-4437e66c2115                                         
  
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
